ya its something stupid were missing
soooo…ummm. about this user? Is there something that needs to be done in order to access php files uploaded? I was trying to find a way to access pages locally but having no luck.
Thanks all
What a rush to the finish line - thanks all for making it nice and tense
Regarding hints for the box, I’m happy to help, but I get quite a lot of messages recently, and it can be hard to keep up. Please consider if your question could be asked here instead of privately, so others could also benefit from the same hint - if it’s not too spoilery, of course.
Have fun with the box, it’s really well made. And props to @jkr for making it - it’s super polished.
Type your comment> @mprox said:
Thanks all
What a rush to the finish line - thanks all for making it nice and tense
Regarding hints for the box, I’m happy to help, but I get quite a lot of messages recently, and it can be hard to keep up. Please consider if your question could be asked here instead of privately, so others could also benefit from the same hint - if it’s not too spoilery, of course.
Have fun with the box, it’s really well made. And props to @jkr for making it - it’s super polished.
anyway to use plugin-upload as a attack vector
Ok perfect is the ws a rabbit hole for stats
any one have any hints? im stuck after getting sftp access
In the same spot
stuck after getting user and finding the plugin-upload page
anyone can give any hints , dont know if sftp is the right path.
For user, I can confirm that sftp is the right path.
Don’t forget there is a help
command and try the different commands that are availlable. This give you a better idea of the privileges you have, and you might find how some useful commands aren’t restricted.
Lol user was easy and interesting.
Have gotten a reverse shell and am working on root.
Is s*** /usr/bin/a****** u*****
a rabbit hole, or should I continue along that path?
Well there is interesting thing I’m seeing there after running reverse shell command!
EDIT: Lol I was doing something a terrible wrong
Anyone have some hint for start ? I am able to upload via sftp, but php seems do not work
Can someone please help… As stuck after the sftp access… Tried with many reverse shell for image or php none of them are working…
1 2 7 3
Gotta use sftp.
Is the final step for root just a** takeover? Or am i just chasing ghosts here
Type your comment> @FlameOfIgnis said:
Is the final step for root just a** takeover? Or am i just chasing ghosts here
I’m in this same spot thinking the same thing.
so the sftp part was easy but not sure where to go from there … able to upload but not get callback … any hints?