Swagshop

rooted … very easy and straightforward box

User took a couple hours cause people feel the need to put their backdoors on the index.php and hose the box in the process, causing a reset every few minutes. I hate you if you did that. Just sayin.

Got a shell, ran Linux Smart Enum and popped root in about two minutes. Waaaaaaaaaay too easy, IMO.

Decent box, though. Just wish people (even on VIP) would quit ruining it for everyone around them.

Anyone have an idea, why the script always ends with “DID NOT WORK” ?

Rooted. Cool machine :)

Easy root :) Thx for box! :) Love it

Any hint on how to decrypt the M****** password?

Any hint what to do after logging into m*****o as admin?

Got an admin account, but now after the thousands of resets the exploit isn’t working anymore. Does anyone know why?

Any nudges for user?

user > google is your friend for a shell, although it took me a while to find the right exploit. There’s an old school video game that might help.

My only complaint is we are in 2019, we shouldn’t really be CTFing a box with a 4 year plus vuln when there is a pretty decent exploit just released.

I understand this was done for simplicity reasons, but considering the vuln you used is mad old and whatnot, it threw me off, and honestly I didn’t even do the box when I saw this. Then a friend came on and I helped him. Not sure why, but this aspect really aggravated me. Either way, thanks creator, just my 2 cents.

Hey all, completely new and this is my second box. I have a pretty good idea of what I am supposed to do but I am completely lost as to how to leverage the vulnerability in the web page. Any hints would be appreciated.

@PavelKCZ said:

Anyone have an idea, why the script always ends with “DID NOT WORK” ?

wrong exploit, contains path that doesn’t exist

@p1azm0id said:

@PavelKCZ said:

Anyone have an idea, why the script always ends with “DID NOT WORK” ?

wrong exploit, contains path that doesn’t exist

comment is extremely misleading I would say

@halfluke said:

@p1azm0id said:

@PavelKCZ said:

Anyone have an idea, why the script always ends with “DID NOT WORK” ?

wrong exploit, contains path that doesn’t exist

comment is extremely misleading I would say

I don’t understand why the exploit isn’t working. In fact, I’ve tried a couple.

Could we get a hint please?

I got a username and password and I logged in somewhere, but I am stuck and I don’t know where to go from here.

Very fun little box, user & rooted :)
Learned a lot, and in the end it’s nice to find the little surprise.

I can log in but cannot get a shell

Rooted
All thanks to @gokuKaioKen and @NPCMaster for guidance in the dark!

Tips:
User:

  • man ghostbusters are in town
  • credentials needed? what if I store-steal my way in
  • google search = easy reverse-shell

Root:

  • just enumerate, run the most basic command, you’ll see it

PM for help if you need

Box rooted, very good box. :)