onetwoseven

ya it's something stupid we're missing

Congratz to @mprox, that was incredibly fast

soooo…ummm. about this user? Is there something that needs to be done in order to access php files uploaded? I was trying to find a way to access pages locally but having no luck.

Thanks all :slight_smile:

What a rush to the finish line - thanks all for making it nice and tense :sunglasses:

Regarding hints for the box, I’m happy to help, but I get quite a lot of messages recently, and it can be hard to keep up. Please consider if your question could be asked here instead of privately, so others could also benefit from the same hint - if it’s not too spoilery, of course.

Have fun with the box, it’s really well made. And props to @jkr for making it - it’s super polished.

> @mprox said:
>
> Thanks all :slight_smile:
>
> What a rush to the finish line - thanks all for making it nice and tense :sunglasses:
>
> Regarding hints for the box, I’m happy to help, but I get quite a lot of messages recently, and it can be hard to keep up. Please consider if your question could be asked here instead of privately, so others could also benefit from the same hint - if it’s not too spoilery, of course.
>
> Have fun with the box, it’s really well made. And props to @jkr for making it - it’s super polished.

any way to use plugin-upload as an attack vector

Ok perfect is the ws a rabbit hole for stats

anyone have any hints? I'm stuck after getting sftp access

In the same spot

stuck after getting user and finding the plugin-upload page :confused:

anyone can give any hints, don't know if sftp is the right path.

For user, I can confirm that sftp is the right path.
Don’t forget there is a help command and try the different commands that are available. This gives you a better idea of the privileges you have, and you might find how some useful commands aren’t restricted.

Lol user was easy and interesting.

Have gotten a reverse shell and am working on root.

Is s*** /usr/bin/a****** u***** a rabbit hole, or should I continue along that path?

Well there is interesting thing I’m seeing there after running reverse shell command!
EDIT: Lol I was doing something terribly wrong

Anyone have some hint for the start? I am able to upload via sftp, but php does not seem to work :frowning:

Can someone please help… Am stuck after the sftp access… Tried with many reverse shells for image or php, none of them are working…

1 2 7 3
Gotta use sftp. :slight_smile:

Is the final step for root just a** takeover? Or am I just chasing ghosts here

> @FlameOfIgnis said:
>
> Is the final step for root just a** takeover? Or am I just chasing ghosts here

I’m in this same spot thinking the same thing.

so the sftp part was easy but not sure where to go from there … able to upload but not get callback … any hints?