HackBack

Managed to become a low-privileged user on this box. Anyone willing to share ideas on how we can move to h*****?

Could anyone give me a clue on how I can execute commands from the web*****.***? lol…

I can upload a file with that extension to the current folder… ok.

I filled this file with the common functions when we want to obtain a RCE using this extension… ok.

But the commands simply don’t work D:

Ok. Got a low level access.

What a hard box :slight_smile:

Rooted! :slight_smile:

Thanks @decoder and yuntao for it!

Edit: For those who are sending me PM, I can help, really. But please: Tell me what you’ve done, what you’ve tried … Give me a bit xD

This box is so complex that it is not possible for me to give any hint to followers.
Only the best wishes!

@plonk said:

Found the h*** command on port **** that lists the h****,p***,w*****,l***,i***,s*******,n*****,i****** commands and looked at each of those - didn’t find any obfuscated js. Am I looking at the wrong high port service?

Found go***** in there, but not sure how to interact with it.

Can anyone suggest a tool that can be used to interact properly with this service generally? Or is there some strategy at guessing what it wants? Would appreciate the help - either on here or in PM.

Could anyone give a nudge? I can get a file uploaded it seems, but not sure how to get it to run and get a shell.

Rooted! Wow, what a ride… hats off to the sadistic creators!

                               __...----..
                            .-'           `-.
                           /        .---.._  \
                           |        |   \  \ |
                            `.      |    | | |        _____
                              `     '    | | /    _.-`      `.
                               \    |  .'| //'''.'            \
                                `---'_(`.||.`.`.'    _.`.'''-. \
                                   _(`'.    `.`.`'.-'  \\     \ \
                                  (' .'   `-._.- /      \\     \ |
                                 ('./   `-._   .-|       \\     ||
                                 ('.\ | | 0') ('0 __.--.  \`----'/
                            _.--('..|   `--    .'  .-.  `. `--..'
              _..--..._ _.-'    ('.:|      .  /   ` 0 `   \
           .'         .-'        `..'  |  / .^.           |
          /         .'                 \ '  .             `._
       .'|                              `.  \`...____.----._.'
     .'.'|         .                      \ |    |_||_||__|
    //   \         |                  _.-'| |_ `.   \
    ||   |         |                     /\ \_| _  _ |
    ||   |         /.     .              ' `.`.| || ||
    ||   /        ' '     |        .     |   `.`---'/
  .' `.  |       .' .'`.   \     .'     /      `...'
.'     \  \    .'.'     `---\    '.-'   |

@moxic Looks like I couldn’t catch up, but hey, rooted as well!

@Layle said:

@moxic Looks like I couldn’t catch up, but hey, rooted as well!

Congrats! Now I have to catch up with you on all the other boxes lol

I would like to know how it is possible to execute stuff from files after uploading.

@Morfaroth said:

Edit - Found out how to use the hidden path, now I’m stuck trying to find the mentioned log files.

I’ve got the hidden path from the deobfuscated JS (nice to do this manually little by little lol) – I have no idea what to do with it, I’m not sure how to bypass the auth etc… Any hint, I can’t find anything that would match w*******.*** lol

@lduros said:

I’ve got the hidden path from the deobfuscated JS (nice to do this manually little by little lol) – I have no idea what to do with it, I’m not sure how to bypass the auth etc… Any hint, I can’t find anything that would match w*******.*** lol

Watch your traffic closely. There are no good browsers anymore. :anguished:

So I have found that service that runs certain actions on certain targets. However, I can’t seem to connect the dots there. I can’t figure out how it all works together. Can anyone give me a little nudge?

Sorry for bumping, but is this machine doable on Windows? I seem to have trouble putting my socks on. No problem on Linux though.

Really wish this had a checkpoint or so. I’ve got a low priv shell but the way it’s set up it’s taking like 2-3 minutes for each command to complete. lol

Could anyone give me a nudge? I’ve managed to get the obfuscated JS but I don’t know how to make it clean.

Damn, this box is tricky. Found s***** credentials, disabled functions in php.ini, and I already tried to exec commands with asp… I also found a way to set up a tunnel, but no more ideas left to exec commands. Could anyone help?

Got the idea about the relation between a*** .***. and w.*******. but I can locate the new file I create …? Any idea?
