onetwoseven

need a small nudge for finding credentials, i have access to the admin panel but i have not been able to grab any credentials. Found the /addon/ folder as well

How do u get a shell? I have a php shell but it gives me 403 error. even when i tested with a file that was not present like ex.php, instead of giving a not found, it gave me 403. How do i change the server to accept php file? Or any other ways?

Type your comment> @Alpha19IR1 said:

How do u get a shell? I have a php shell but it gives me 403 error. even when i tested with a file that was not present like ex.php, instead of giving a not found, it gave me 403. How do i change the server to accept php file? Or any other ways?

Try to look and check the code of modules you already see in the admin section. Make your own based on them. Change step by step then if you have to.

This box is a true work of art. Thank you!

I feel like I’m on the right path to root. Can anyone PM me to discuss it? I don’t wanna spam all you guys who rooted this box…

Off topic: There are around 60 machines in the OSCP lab. If you are able to root min 75-80% of the machines, reach also the admin subnet and root the admin machines then you can assume that you are enough prepared for the 24h OSCP exam.
Working on these number of machines in 2-3 months (depends on your lab time) gives a nice routine which helps to manage the 5 machines in 24 hours.

I didn’t have too much time in OSCP labs. I only had a budget for 30 days of lab time. Since I was new to penetration testing I was trying to do as much as I can in those 30 days (taking into account that I have daily job and family). All in all I manage to root less than 20 machines although I concentrated on the hardest ones. The rest I was practicing on HTB and learning by watching IPSEC videos. Those <20 machines plus HTB practice was more that enough to pass OSCP exam. It took me aprox 1.5h per OSCP exam machine. Doing mid level HTB machines were very helpful to me.

guy i found admin port 6*8** and i need to tunnel is through ssh. need help. i did lot of commands.

This was epic - thanks @jkr :slight_smile:

I think this was the first time I accidentally patched the vuln I wanted to exploit in one of my tests :wink:

So I seriously hate that I’ve had to write in the forums for help for every single box I have done but I am seriously stuck on this and I’m going on 8 total hours worked on this box… Anyways, I log into the sp server and use Hp, but I have no idea how to use any of the commands for my good. I have tried everything and nothing seems to get me anywhere. Could someone PM me some hints as I cannot get an initial foothold on this box and its really starting to get to me lol.

So, I’ve got the user flag, but I’m stuck at finding the password for admin, if this is even necessary. As far as I can see this is the next step.
Any tips are greatly appreciated!

Something that helped me - when you’re in SFTP and you’re trying the commands you think will help you out, don’t assume the change you made will be obvious to you within SFTP. What is the other way you’re accessing this machine? And what was the command that you input intended to do? I’ll bet you have figured out the right command if you have tried everything (like I had), but its not always immediately obvious what has happened. Think about the folder you have jumped into in SFTP what is its purpose? Hope this helps a bit for people stuck on initial foothold/user

I’m attempting to mess around with a particular page on the admin panel by manipulating its POST data, but I can’t seem to get my request to go through with an uploaded shell and neither can I get the error messages in the disclosed source file. A review of the web page source indicates a certain web page should be processing the request, but it does not exist based on a 404 error.

Any hint on what I should look?

@groganard
You know the location of the php used to process uploads, are you making sure the form action is pointing to the appropriate place? If you analyse the source code carefully of that file, you will see some obstacles you need to overcome in order for the upload to work.

Hi there!
@jkr thanks! It’s very awesome box!
Root:
Usually enumeration with carefully reading. Think about the host name and a basic security recommendations. Then create a sploit and tree. Be patient. Start the natural command and get root!
If you need a handing help feel free to send me PM.

Can someone give me some help with getting user? i found the creds in the site and now have S**P access. I have asked the machine for help and see the available commands and tried them all to no avail. Please give me some direction.

Can i have a nudge for getting shell i understand what to do but when ever i try to execute the exploit i get file succesfully uploaded but it isnt there…

Type your comment> @marshy said:

Can i have a nudge for getting shell i understand what to do but when ever i try to execute the exploit i get file succesfully uploaded but it isnt there…

Same here, would appreciate a nudge too.

Type your comment> @marshy said:

Can i have a nudge for getting shell i understand what to do but when ever i try to execute the exploit i get file succesfully uploaded but it isnt there…

Think about where php is executing on the server when you get that message. Maybe a different road will take you to where you want to be.

Can someone give me some help with getting user? i found the creds in the site and now have S**P access. I have asked the machine for help and see the available commands and tried them all to no avail. Please give me some direction.

Edit: i do not understand how i can view the remote files? am i supposed to just guess file locations?

Had a freakin blast with this box. Just a great ride.

Root was a bear though, and that was mostly because of my own stupidity. Thanks for all the help ratone! I learned a lot about something that I use on an almost daily basis.