FOR ALL GUYS WHO SEE THIS:
PLEASE STOP MODIFYING THE INDEX.PHP
WE ALL HATE RESETS AND 503 ERROR!
FOR ALL GUYS WHO SEE THIS:
PLEASE STOP MODIFYING THE INDEX.PHP
WE ALL HATE RESETS AND 503 ERROR!
Can someone please PM me where to upload/edit code for my shell in the admin console? Sounds dumb but been stuck on this for a few hours now…
I’m totally new. Stuck at the admin panel I found some creds but I’m not sure where to use them. Any help would be great Thanks!
I think this might be the first box I completed with the use of any hints! Once I got user, root was super straightforward.
I love HTB. what a great way to get me to spend money.
Fun box, straightforward. My writeup was hardly a page long. And a neat surprise at the end too!
Some tips for the user? I found some cred but i dont know how to use it
Was wondering how others exploited. I see scripts and CVEs being mentioned and think I got in and rooted through an unintended way.
Would love a PM to discuss!
Still can’t get this box… i try a lot of things… if someone can help me out with some tips… i’ll accept. IK that i’m noob but… just trying to learn here
Rooted ! That was an easy one. Few hints :
Feel free to PM if you need help !
Edit : nevermind, I think people here are modifying index.php for user part, not root part.
Got the user flag but stuck on that and I can’t escalate to root. Lol, this is checking my patience.
anyone bought the t-shirt here? if so, what size does it come in?
I take small sized tshirts so i dont wanna buy and its like a medium or large lol
nice store! lol…
For user - - > enumeration is the key
root - - > go back to basics I was overthinking too much xD thx @Beorn for the hint!
Hi, I would appreciate anyone can give me some hints on getting the user and root.txt for SwagShop. did a scan port 80 and 22 is open. use my web browser and saw a online shop. How do i proceed from here? Thank you.
Need some kind of nudge, I’ve found a S** Backup and a XM* Config file both have hashes and nothing i can seem to use. (Tried decrypting) Any help appreciated ty!
Hi, I got user, and trying to find a way to PE. So I can see I’m able to run /usr/bin/** w/o password, but when I try to run it with sudo, it still asks me for password? Is this the intended way?
Nice box No CTF rhubarb which is a treat.
Can someone pm me a nudge? Was able to exploit, not sure where to upload my shell assuming that’s the next step for user.
Feel free to PM me for a nudge on either user or root.
At admin, have RCE, got user flag. Stuck like a mammoth in a tar pit…