Keep getting “File uploaded successfull.y”, but no file can be found. Is this a rabbit hole, or am I missing something?
It’s not, I saw two reverse shells uploaded successfully, however I get the same result, the ‘upload succesfull.y’ and nothing uploaded
And one of the rev shell I saw uploaded doesn’t have the first line equal to all others plugins so I don’t really know whats going on with that, is it a CTF like?
fixed my issue. for those in the same spot, stop going through the wrapper. think of where the destination is and try a simpler path. hope that make sense without spoiling anything.
So far awesome box - just stuck with the user flag. I do have a shell, but not as the right user and so far no root. Can’t see a way to get user.txt. Any hints?
EDIT: I think I’m on to it. Learned another useful command for priv esc and a new priv esc technique. Nice!
please DM hints. I am stuck with sftp. I know this may be obvious but I can upload files with sftp and able to change file permissions still unable to get shell. any help?
please DM hints. I am stuck with sftp. I know this may be obvious but I can upload files with sftp and able to change file permissions still unable to get shell. any help?
Uploading a shell from SFTP won’t work as far as I know. Use the command help and find something that can get you to read something… Anything past that is a spoiler so I won’t tell more. Feel free to pm me though
Anyone can help me with the last step ? I am almost sure that I properly prepared my own server, but when I try it from reverse shell, I only get error 404 and dunno why.
Would anyone be able to assist with intercepting the tunnel traffic with burp? I’ve been struggling to get this working correctly but feel I am super close.
Can someone give me a hint about sftp part?
I tried creating links, but i limited in web root (www), so i didn’t manage browse something interesting.
And i tried uploading shell and giving 777 to it, but getting 403 all the time.
What am i missing?
EDIT: Working only in sftp tunneled my vision, didn’t thought how different environments may interact with same object.
Moved on, but did not managed uploading reverse/command shell from sftp.
Finally got root! That was a pretty cool box, though root was definitely finicky. lol
A tip for people working on root:
People on stackoverflow don’t know ■■■■. Do not ever trust their answers and do more thorough research to confirm it. Got completely dead-ended because I trusted something I read there to rule out one of my approaches.
Would anyone be able to assist with intercepting the tunnel traffic with burp? I’ve been struggling to get this working correctly but feel I am super close.
remove 127.0.0.1, localhost from exceptions in browser
Awesome box, from beggining to end. Congrats to @jkr for the great work done here. It’s not an easy one, but you can learn a lot from every step if they don’t just tell you how to do it. Root is mindblowing. My tip: This box is so well made it tells you exactly what you need to know. Things will stand out, you’re probably on the right track. Nothing is here by chance. READ every piece very very carefully and think on how to turn it around to your advantage.
Would anyone be able to assist with intercepting the tunnel traffic with burp? I’ve been struggling to get this working correctly but feel I am super close.
remove the directive in firefox on network settings for proxy to bypass for 127.0.0.1
I had same issue box is very unstable waiting two days for this to work so i can go for root me and 3 guys were having major issues last night