LaCasaDePapel

@ZaphodBB said:

Trying to get my head around root - I know it's something to do with “M*******D” but can't get the syntax quite right

Got told to “think like a user” - which is of no help to me at all as I rarely ever have to deal with users :slight_smile:

Think about what you want to happen. Write it as a shell line, and think about where to put this line

@br0k3nc0rk Can you PM about the nudge?

Really missed one crucial bit of the puzzle, MANY Thanks to @Kinjo for pointing out the error of my ways…

Got root. Thanks to @AzAxIaL and @Kinjo for answering my questions.

Fun box!! Got root and user, happy to help anybody that's losing their minds

@GChester I was on the same box as you trying to figure out root, saw what u did, u helped me out LOL

Any kind soul here willing to PM me on this box… I’m stuck at the LFI part…

Help would be appreciated…

And rooted

Just a couple things.

1 - The hint that says “think like a user”. I still don’t understand the relevance.

2 - Deleting necessary files is just dumb. Make a backup instead!!!

User:

I went for the “Old Backdoor”. Enumerate services, find out what is running. If you can't execute regular commands, again use a search engine to find out what this shell can do.

Once you have figured this out, a little basic PHP code will be useful. You should be able to find a very useful file for the next step and something that can make this shell a little more stable.

Back to the website - there is more than enough information on this thread for generating what's needed.

Root:

By this time you should have a means to quickly get back into the box. I’d recommend resetting before going for root as there are a LOT of idiots who are messing with files and screwing it up for others

Don’t waste time searching through folders - everything you need is there in front of you, just check the permissions and it will become obvious

Hey Everyone,

I have read all of the threads and still need some help. I went the F** route and was able to manually run the exploit and get access through telnet. I am now stuck, I have used the help command and can't find anything useful. I also found how to run system commands but a security feature is disabling me from running them. Please give me some direction.

@p0wn3y said:

Hey Everyone,

I have read all of the threads and still need some help. I went the F** route and was able to manually run the exploit and get access through telnet. I am now stuck, I have used the help command and can't find anything useful. I also found how to run system commands but a security feature is disabling me from running them. Please give me some direction.

At this point, and after a lot of posts, it’s not a secret that you are inside a PHP environment, similar to when you execute python in a shell. Well, from this point on, find the proper PHP functions which allow you to do things you usually do with a regular shell, like, let’s say… listing directories, reading files… among others

Hey all,

New to hacking - wannabe pentester.

So far I have user flag, and initial shell as p********. Struggling to work out what to do from here. I have been painstakingly looking at ne/m******e js and ii for the last few hours hitting brick walls. Is this the right train of thought? I am still fairly new to Linux as a whole, so what might be obvious for some, will take me ages to work out, especially when it’s those ones where things aren’t working as they should (as I don’t know for the most part how they should be working in the first place). Any sort of hints would be awesome!

Thanks heaps!

Currently stuck on user flag, and going slightly insane with the initial shell. Any help would be very welcome! Please PM if you can :slight_smile:

@M0rn1ngst4r said:

Currently stuck on user flag, and going slightly insane with the initial shell. Any help would be very welcome! Please PM if you can :slight_smile:

Same boat

I have a Private Key, but can’t get it to work with any of the users, any nudge would really help

EDIT - Logged into HTTPS, now just struggling with LFI

@M0rn1ngst4r said:

I have a Private Key, but can’t get it to work with any of the users, any nudge would really help

You are on the right spot, if you really try the key with each user in the system then reset the server :slight_smile:

This box took me way longer than it should have. Thanks for the hints. I can finally sleep.

Hint for user: analyze what's happening when you click on links. There are multiple LFI injection points. Some give you good info that is useful on the next LFI. I spent a lot of time trying to upload a reverse shell with no success. Reading files with LFI is enough to get you a shell on the box.

Hint for root: pay attention to what's happening on the box. Like most real-world servers, there are processes and/or jobs that kick off on a regular basis.

I have the stable shell, what do I have to do now?
Can you please help me, by pm.
Thank you!

This is slightly odd, but has anyone run into an issue with killing the HTTPS service when attempting LFI?

I learned a lot from getting user! Like many, I overthought root. Hours of work for a couple minutes of effort.

Stuck on the privesc… never really encountered cr** j**s before, so any pointers would be very welcome