1 - The hint that says “think like a user”. I still don’t understand the relevance
2 - Deleting necessary files is just dumb. Make a backup instead !!!
User :
I went for the “Old Backdoor” . Enumerate services, find out what is running. if you cant execute regular commands, again use a search engine to find out what this shell can do.
Once you have figured this a little basic php code will be useful. You should be able to find a very useful file for the next step and something that can make this shell a little more stable
Back to the website - there is more than enough information on this thread for generating whats needed
Root :
By this time you should have a means to quickly get back into the box. I’d recommend resetting before going for root as there are a LOT of idiots who are messing with files and screwing it up for others
Don’t waste time searching through folders - everything you need is there in front of you, just check the permissions and it will become obvious
I have read all of the threads and still need some help. I went the F** route and was able to manually run the exploit and get access through telnet. I am now stuck, i have used the help command and cant find anything useful. I also found how to run system commands but a security feature is disabling me from running them. Please give me some direction.
I have read all of the threads and still need some help. I went the F** route and was able to manually run the exploit and get access through telnet. I am now stuck, i have used the help command and cant find anything useful. I also found how to run system commands but a security feature is disabling me from running them. Please give me some direction.
At this point, and after a lot of posts, it’s not a secret that you are inside a PHP evironment, similar as when you execute python in a shell. Well, from this point on, fin the proper PHP functions which allow you to do things you usually do with a regular shell, like, let’s say… listing directories, reading files… among others
SO far I have user flag, and initial shell as p********. Struggling to work out what to do from here. I have been painstakingly looking at ne/m******e js and ii for the last few hours hitting brick walls. Is this the right train of thought? I am still fairly new to linux as a whole, so what might be obvious for some, will take me ages to work out, especially when it’s those ones where things aren’t working as they should (as I don’t know for the most part how they should be working in the first place). Any sort of hints would be awesome!
this box took me way longer that it should have. Thanks for the hints. I can finally sleep.
hint for user: analyze whats happening when you click on links. There are multiple LFI injection points. Some give you good info that is useful on the next LFI. I spent a lot of time trying upload a reverse shell with no success. Reading files with LFI is enough to get you shell on the box.
hint for root: pay attention to whats happening on the box. Like most real world servers; there are processes and/or jobs that kick off a regular basis.