Swagshop

FOR ALL GUYS WHO SEE THIS:

PLEASE STOP MODIFYING THE INDEX.PHP

WE ALL HATE RESETS AND 503 ERROR!

Can someone please PM me where to upload/edit code for my shell in the admin console? Sounds dumb but been stuck on this for a few hours now…

I’m totally new. Stuck at the admin panel. I found some creds but I’m not sure where to use them. Any help would be great. Thanks!

I think this might be the first box I completed with the use of any hints! Once I got user, root was super straightforward.

I love HTB. What a great way to get me to spend money.

Fun box, straightforward. My writeup was hardly a page long. And a neat surprise at the end too!

Some tips for the user? I found some cred but I don’t know how to use it.

Was wondering how others exploited. I see scripts and CVEs being mentioned and think I got in and rooted through an unintended way.

Would love a PM to discuss!

Still can’t get this box… I try a lot of things… if someone can help me out with some tips… I’ll accept. IK that I’m a noob but… just trying to learn here.

Rooted! That was an easy one. A few hints:

  • User: Enumerate and create your own creds. Then you can find all the things you need on Google (I must admit it took me a while to find it).
  • Root: Very easy, stick to the basics. I still don’t understand why people keep modifying index.php. What’s the point, guys? That’s a destructive way and that causes 503. I didn’t even need to modify files.

Feel free to PM if you need help :)

Edit: never mind, I think people here are modifying index.php for the user part, not the root part.

Got the user flag but stuck on that and I can’t escalate to root. Lol, this is checking my patience.

Anyone bought the t-shirt here? If so, what size does it come in?

I take small-sized t-shirts so I don’t wanna buy and it’s like a medium or large lol

nice store! lol…
For user --> enumeration is the key :)
root --> go back to basics :( I was overthinking too much xD thx @Beorn for the hint!

Hi, I would appreciate it if anyone can give me some hints on getting the user and root.txt for SwagShop. Did a scan; ports 80 and 22 are open. Used my web browser and saw an online shop. How do I proceed from here? Thank you.

Need some kind of nudge. I’ve found a S** Backup and a XM* Config file; both have hashes and nothing I can seem to use. (Tried decrypting.) Any help appreciated, ty!

Hi, I got user, and trying to find a way to PE. So I can see I’m able to run /usr/bin/** w/o password, but when I try to run it with sudo, it still asks me for password? Is this the intended way?

Nice box :) No CTF rhubarb which is a treat.

Rooted! Thanks to @DameDrewby @Beorn and @SiV4rPent3st for the help! :)

Can someone PM me a nudge? Was able to exploit, not sure where to upload my shell, assuming that’s the next step for user.

Feel free to PM me for a nudge on either user or root.

At admin, have RCE, got user flag. Stuck like a mammoth in a tar pit…