Hint for HELP

■■■■ stupid!
Banging my head against the upload for hours.
Don’t believe the programmer. Believe the code.

Root was pretty easy, though.
I’m still curious about the other method, will try that.

I am stuck in the upload section. I am not getting my files uploaded even though I edited the exploit. Can anyone help me out in PM?
Edit: just got it done 5 minutes after the comment

If someone needs some help, PM me … I’m ready to help <3

It’s a fun machine. After getting user just need 5 minutes to get root. User part was a bit tricky.
Those who are stuck in the user part, my only hint to you: don’t trust any message and take a close look at h*******z GitHub page.

Rooted.
If somebody needs a nudge: feel free to contact me.

I did not use the highport. If somebody did figure out how to get the creds there I’d be happy to know how. :slight_smile:

I’m confused…

I have retrieved the credentials from the alternative service. I then proceed to authenticate using these credentials on the obvious http service but now do I just use the well known unauthenticated RCE exploit against this service lol? Isn’t that a bit counter intuitive?

Am I missing another service to auth with?

@s1lence said:

I’m confused…

I have retrieved the credentials from the alternative service. I then proceed to authenticate using these credentials on the obvious http service but now do I just use the well known unauthenticated RCE exploit against this service lol? Isn’t that a bit counter intuitive?

Am I missing another service to auth with?

Could you PM with some guidance on this? Thank you!

Can someone give me a hint for privEsc? Tried d****C** but it didn’t work.

EDIT:
Rooted, didn’t notice I rooted because I got NO prompt that the exploit was finished.

I will post here a tip that I would have loved to read 2 days ago for root :
If you tried to run something and expected a root shell to pop, but for some reason it didn’t (shells were particularly tricky for me with this challenge and I wasted a lot of time with it), maybe it is OK, maybe you don’t need the bash. Maybe executing stuff as root is enough, and you can adapt your tests according to this.

I am a total noob and I need some help. I have done searchsploit on HelpDeskz and found 2 exploits: SQL and arbitrary code execution. SQLmap said there are no exploits and I don’t know how to get arbitrary code execution. I have also looked at the source code of node.js and could not see any exploits. I am now very stuck and would very much appreciate some help.

I’m needing assistance with this box, please.
I know I’ve got the right path and the correct exploit.
Can someone please DM me, I can’t run the exploit in the intended way.
Any help would be great :slight_smile:

Got the user RCE working really well now, been stuck up on root for a little while though. Trying to avoid using k****l exploit.

Hello,
Can someone help me with root!! Please :anguished:

I have been stuck for a week. Can someone give me a “hint” on how to upload r****** s****? I always get the “CSRF” message.

Could I get some help on getting a shell? I have looked at the GitHub code for the webapp … I have the exploit but just can’t get a call back … I’m sure it’s something stupid that I’m missing.

@herapen09 said:

I have been stuck for a week. Can someone give me a “hint” on how to upload r****** s****? I always get the “CSRF” message.

I’m lost…need HELP

Hello everyone, just rooted this box but not without the help of this great community. If anyone needs help you can PM me. Hints, hopefully without spoiling: for the script to run you need to find 3 parameters, and time travel is both back and forward in time. For root, linenum and searchsploit your way to root.

I am able to find my file if it’s a jpg or txt. But I can’t get around the file type filter. Tried using Burp but that captcha is screwing things up. I feel so close. Any help would be great.

@FlompyDoo said:

I am able to find my file if it’s a jpg or txt. But I can’t get around the file type filter. Tried using Burp but that captcha is screwing things up. I feel so close. Any help would be great.

Don’t believe everything u read :wink: