onetwoseven

WoW ! I loved the way to root !

Got reverse shell if anyone wouldn’t mind giving me a hint for root :slight_smile:

The box is really slow. Maybe that’s the case only on the free servers. But is someone is brute forcing something that’s not the intended way, check everything first and you will find what you need to go forward .

sarange: if you have loooong timeouts, check your ifconfig. You should have only one tun interface.
If you have more that one, reset your Kali.
I had similar problem yesterday…

Type your comment> @PavelKCZ said:

sarange: if you have loooong timeouts, check your ifconfig. You should have only one tun interface.
If you have more that one, reset your Kali.
I had similar problem yesterday…

Thanks for the tip, I had my VPN up but I never had issues with that. You always learn something new :smiley:

EDIT:

Using a command I used before, I got it to work. For some reason, it gave me Permission denied before.

Should I get a page after tunneling to the admin port? I’ve found some directories but I get a 404 for index.php.

Hi folks,

got the user flag but not sure if it was a leftover from somebody else. Can somebody hit me up and confirm it?

This box seems very unstable … anyone else having issues?

Keep getting “File uploaded successfull.y”, but no file can be found. Is this a rabbit hole, or am I missing something?

just a trick i did on the pload to not even bother for searching my file: i took a look at how other pluns are coded and just added the first line of the code on my plin. After the upload i got a nice link to my file on the front page together with the other pl***ns…

Type your comment> @cdf123 said:

Keep getting “File uploaded successfull.y”, but no file can be found. Is this a rabbit hole, or am I missing something?

It’s not, I saw two reverse shells uploaded successfully, however I get the same result, the ‘upload succesfull.y’ and nothing uploaded

And one of the rev shell I saw uploaded doesn’t have the first line equal to all others plugins so I don’t really know whats going on with that, is it a CTF like?

any help for plugin upload guys :slight_smile:

fixed my issue. for those in the same spot, stop going through the wrapper. think of where the destination is and try a simpler path. hope that make sense without spoiling anything.

Really cool box so far! I would be really happy if someone would be so kind to PM me a hint.

I’ve managed to get “upload succesfull.y”, but I cannot find my upload anywhere? Hmm…

So far awesome box - just stuck with the user flag. I do have a shell, but not as the right user and so far no root. Can’t see a way to get user.txt. Any hints?

EDIT: I think I’m on to it. Learned another useful command for priv esc and a new priv esc technique. Nice!

Hey guys, I have a problem.

Today when I was in class I tried (and succeded) to get to the high-port website, now I used the same method at home and I get this error:

channel 5: open failed: administratively prohibited: open failed

What’s wrong?

– EDIT –

FIXED, if your getting that error try to change “localhost” with 127.0.0.1

Type your comment> @Alurith said:

Hey guys, I have a problem.

Today when I was in class I tried (and succeded) to get to the high-port website, now I used the same method at home and I get this error:

channel 5: open failed: administratively prohibited: open failed

What’s wrong?

I think your SSH tunnel is wrong

please DM hints. I am stuck with sftp. I know this may be obvious but I can upload files with sftp and able to change file permissions still unable to get shell. any help?

Type your comment> @andrhtb said:

please DM hints. I am stuck with sftp. I know this may be obvious but I can upload files with sftp and able to change file permissions still unable to get shell. any help?
Uploading a shell from SFTP won’t work as far as I know. Use the command help and find something that can get you to read something… Anything past that is a spoiler so I won’t tell more. Feel free to pm me though