I have read all of the threads and still need some help. I went the F** route and was able to manually run the exploit and get access through telnet. I am now stuck, i have used the help command and cant find anything useful. I also found how to run system commands but a security feature is disabling me from running them. Please give me some direction.
At this point, and after a lot of posts, it’s not a secret that you are inside a PHP evironment, similar as when you execute python in a shell. Well, from this point on, fin the proper PHP functions which allow you to do things you usually do with a regular shell, like, let’s say… listing directories, reading files… among others
SO far I have user flag, and initial shell as p********. Struggling to work out what to do from here. I have been painstakingly looking at ne/m******e js and ii for the last few hours hitting brick walls. Is this the right train of thought? I am still fairly new to linux as a whole, so what might be obvious for some, will take me ages to work out, especially when it’s those ones where things aren’t working as they should (as I don’t know for the most part how they should be working in the first place). Any sort of hints would be awesome!
this box took me way longer that it should have. Thanks for the hints. I can finally sleep.
hint for user: analyze whats happening when you click on links. There are multiple LFI injection points. Some give you good info that is useful on the next LFI. I spent a lot of time trying upload a reverse shell with no success. Reading files with LFI is enough to get you shell on the box.
hint for root: pay attention to whats happening on the box. Like most real world servers; there are processes and/or jobs that kick off a regular basis.
So I believe I’m very close to successful privesc… Have an easy in back into the box with the P user, 95% sure which file is the one I need (based on permissions), but I’m at a loss of how to use it.
Anyone here can help me? I have been trying to use ***0 port for exploiting but then after some time it automatically closes and then i have to reset the machine to be able to do so again! Any one who has faced this issue and can tell a solution?