Swagshop

Stuck in 503 many times. ?
Please exploit carefully. ?

Just ROOTED!!! Finally. For a noob it took me a bitā€¦ Hit me up if you need help!!
Hints: USER - Enumerate webapp to find a place for the shell
Root - this thread made me think it was super easyā€¦ I struggled for awhile. Find out what you can do and how to leverage that to get a shell with root privs

hi can someone pm me on user on this box, ive found some credz and a login pannel. also tried a number of exploits but nothingā€¦

Type your comment> @unashamedgeek said:

I completed this box. If you need a hint, feel free to message me and include where you are, what youā€™ve tried, and what youā€™re thinking is up next and Iā€™ll do my best to nudge you.

Needed help stuck at admin page for 2 days

Got user via RCE, but canā€™t for the life of me get a reverse shellā€¦ I think I know what to do for root, but without that shell I canā€™t execute it.
Anyone around who can give me a hint?

EDIT: Got a reverse shell, now for root
EDIT2: Root done!

EDIT3: Naturally, you can PM me if you need any help!

got root - pm me if you need any help :slight_smile:

Type your comment> @hxmo said:

Why the heck cant i use the exploit again to get admin account? worked last night now when i try again it works but it says wrong creds when i try log in?

I am getting exactly the same thing today. was working fine yesterday even after resets and no luck today!

Type your comment> @Sav said:

Type your comment> @hxmo said:

Why the heck cant i use the exploit again to get admin account? worked last night now when i try again it works but it says wrong creds when i try log in?

I am getting exactly the same thing today. was working fine yesterday even after resets and no luck today!

yeah mate , i switched from VIP to free server and the free server it workedā€¦ wow lol

but the free server the website keeps getting 503 error paged ALL the time its so frustrating man

Hit me up for help with root. Also, for anyone who already got root, pm me if you get a chance. I want to see how you did it, have some questionsā€¦

Ok, Iā€™ve encountered alot of error 503s while Iā€™ve been attempting this box. As Iā€™m a noob could someone explain to me what might cause that error so that I can make sure that I am not part of that problem?

i literally can not do a single thing on this box because everytime i find something or get close it gives me a 503 and then i have to wait a couple min before i can even do anything this is so annoying

Just ridiculous at this point tbhā€¦ Its more of a race and who can execute the reverse shell first rather than hack the stupid box man im actually raging, been at this for HOURS man and all i see is 503 loool only had the reverse shell once cos every time after it gets ā– ā– ā– ā– ā– ā–  bricked the websiteā€¦ VIP server doesnt even work on this box ā– ā– ā– ā– 

Same, same-same.
Iā€™m going to retry under cover of darkness. This very EVENING.
#Naps

Pretty fantastic box. Not overly hard but fairly realistic and gave me several ā€œIā€™m Stupidā€ moments.

@hxmo US VIP was very stable. I had shell for the last hour or so with several stupid CTRL+C moments requiring me to re-exploit.

Got my 20 points for this lovely and frustrating box. Thanks @ch4p for the work <3
PM me if you need help.

Got root! Great Box.
Returning the favor, if anyone needs a tip, feel free to pm.

@AndreiPintea @NPCMaster Thanks!

i got user but Iā€™m struggling with getting root any hints would be nice

Rooted! The 503s and 404s has been a tough challenge! This is my 3rd box and learned something from it. As opposed to those people who said that nothing can be learned from this, I can say that this is a good practice for beginners.

Thanks @ch4p for this box! Thanks @mpzz and @SN01 for the small nudges.

I am not sure how most of you did it because I can only see MY ā€œspecialā€ order to get initial shell. If anyone has time to spare, Iā€™d like to compare my steps to yours.

PM me if anyone needs a little push to the right direction.

is anyone getting the following error with one of their exploits today?

tunnel = tunnel.group(1)
AttributeError: ā€˜NoneTypeā€™ object has no attribute ā€˜groupā€™

It was working fine for me yesterday and I changed the parameter accordingly, PM me