Ghoul

any hint for root.txt
i got root shell :frowning:

Cannot find my uploaded file…

@Warlord711 said:
Cannot find my uploaded file…

The same problem)

This hint about Sierra I don’t understood
"In case you need to verify it - https://colorlib.com/wp/template/sierra/ . "
I saw a page and I tryed to find some similar, but unfortunately no successful

I think he meant to say for people that wanted to verify about one of the attributes data-whitespace= having a typo on the code. That it was not on purpose.

Looking for root… I found the g*** UI… do I need to brute force?

Edit: NVM, no brute force required, the answer is within you…

I think I’ve tried everything I have to try… I’m open to instructions on what to do to get a shell with the k*****_**m account. Where should I look?

Got user after smashing my head for some time, but I’ve been working on it for almost a day to get root.

Holy Sh** this is crazy I finally got a shell trying to get myself onto there for root pivot this is no joke lol

Did someone changed the password for port 8080?

Type your comment> @f3v3r said:

Did someone changed the password for port 8080?

I’ve had to revert it a couple times when it hasnt worked.

wow I must say after fixing the netcat issue and using the correct method and landing a shell as user during the exploit I was able to without adding any keys execute a privesc and achieve root shell but after that it took no more than 15 20 minutes from the time I exploited it with a correct shell to about the time i was able to land a root shell and find what I was looking for I see one last step to get to the war chest which I think is a jdbc connection from some leaked sauce if I am correct not only was this a little diff as I was not able to find the root.txt which means You guys stepped it up I like this and if the extra 20 minutes from landing a shell to getting privesc scares you jeez this is easier than most boxes privesc wise to me logic wise

and being a linux noob I would know that almost everything priv esc is hard in the beginning this made it both logical and easy.

help plz
machine-ghoul
i am stuck at the file upload at ip:8080/index.html
i know, i suppose to upload a reverse shell there but dont know how to bind it into jpeg file. i have search about it , nothing found. please help

Root was a lot of fun, had to automate pretty much everything, especially the last step… Probably the worst machine I’ve seen so far, but in a good way.

finally root … what a journey

awesome box )) just rooted. Its really cool. Thx

@MinatoTW Thank you for so emotional hack journey :slight_smile: It was like MMPORPG quest )

Seems like the service on :80 is broken/hung at this point. I’ve reset the box a couple times and it doesn’t seem to fix it. I was poking around at this box earlier this week without that problem. Now it just won’t really respond.

Edit: Switching to a different US Lab doesn’t help.

Where is root.txt file?
any idea?

Do I need to target the login or the upload first? Found probable pass for #1 but no matching username so far and all the folders I looked into for the upload seem like dead ends.

Anybody else having difficulty getting RCE on g*** server to execute? Everything seems to go smoothly but RCE seems to never occur.

Type your comment> @SamBugler said:

Anybody else having difficulty getting RCE on g*** server to execute? Everything seems to go smoothly but RCE seems to never occur.

what you may want to do and i know im going to get in trouble for this lol

Reset it 2 times in a row i did and now it pops every attempt feel free to pm me maybe your command is wrong this gave me an issue