Swagshop

I'm getting the same error as everyone else. Is this by design or was this box updated by mistake?

Just opened a fresh VM of Kali and the exploit that worked previously is returning the same error; it seems that a change to the box was made. Is the creator intending users to root the box via c********* ******r instead?

As much as this box rubbed me the wrong way at EVERY turn for how easy it ended up being, I bought every piece of merch.

If you need help shoot me a DM. I didn't think I was overthinking it but I was.

Hints for this box:
User - Enumerate, session jack (unintended) or shop lift your way in, read documentation/examples on packaging (make sure to thoroughly confirm your tweaks)

Root - Simple enumeration is more than enough, if what you're doing takes more than a minute or two, it's excessive, just be sure to read properly (unlike myself -_-)

Reward yourself with some swag =)

Would someone mind checking my Python script or PMing me if you had this same issue below?

I found the login page where I need to create something for myself, and I do end up being able to log in, but it's just garbage type output on the admin page. Doesn't really make sense.

EDIT: Never mind. This box is glitchy as ■■■■. After I resubmitted the form through the browser a bunch, finally got in the admin area.

Please may I get some help/advice/guidance from some lovely gentleman/lady via PM? I've found out some interesting stuff, however I've hit a dead end :frowning: Thank you :dizzy:

Can someone PM me the package they are using in admin panel? I have the original that was SUPER popular with this exploit and it isn't packaged properly or I need help with it. I uploaded another one and can only create, copy, delete files… supposed to be able to upload but it's not showing.

user and root very easy

The exploit with the RCE I think has gone, maybe it wasn't the meant way to achieve a shell or maybe too many people abused it and nobody was using the second way.

Something has changed in the tunnel request: it can't return a property of the tunnel variable. The property is null; it doesn't exist 'cause the request is getting no results. The URL path must have been changed; in fact, modifying it in the script gives other outputs (and I think with the correct one it would start working again, if it's just a path problem and no other things are involved, e.g. another object being passed if the request is validated, which doesn't have that property anymore).

In my opinion it is faster using the second way rather than struggling on how (if it's possible) to get the first one working again.

For people having difficulty with the c********* m******, there might be other solutions. Don't get tunnel vision.

@dr0ctag0n said:

same error here,

tunnel = tunnel.group(1)
AttributeError: 'NoneType' object has no attribute 'group'

I was having the same issue. Biggest nudge I could give I think would be to try something else.

@k3NETicHEx said:

@Lycist said:

Did something happen to this box? The RCE exploit that I used to get in yesterday stopped working, and gives a "Nonetype" object has no attribute group. which Stack Overflow tells me means I'm getting no response on it.

This would be the RCE exploit. I know I've got the correct parameters in the script, as it worked previously.

(I have rooted the box)

Went to show it to someone else and it stopped working, any thoughts?

I thought it was just me. It was working for me as well but then once it had a reset, it stopped. Now I'm not sure if it's the one I'm supposed to be using or not.

My wife always says trust your gut… If it doesn't feel right, there's a possibility Google might reveal something more promising.

@Chrix87 said:

The exploit with the RCE I think has gone, maybe it wasn't the meant way to achieve a shell or maybe too many people abused it and nobody was using the second way.

Something has changed in the tunnel request: it can't return a property of the tunnel variable. The property is null; it doesn't exist 'cause the request is getting no results. The URL path must have been changed; in fact, modifying it in the script gives other outputs (and I think with the correct one it would start working again, if it's just a path problem and no other things are involved, e.g. another object being passed if the request is validated, which doesn't have that property anymore).

In my opinion it is faster using the second way rather than struggling on how (if it's possible) to get the first one working again.

Agreed. I'm currently working on root, and every time someone bricks the box, it takes only a couple minutes using the second way to recover back to my unprivileged shell. Kicking myself for wasting time on that thing. Btw, think I'm close to root if you've got a hint for me… :smiley: I think it has something to do with a "way to edit files", and s**o but I'm not sure!

I actually went my own way and can confirm I have a reverse shell from just using an extension in the admin panel. Got user.txt… root coming in a few mins.

For everyone trying to use some public exploits, I managed to root this box without using any of them. There is at least one other way to get both admin access and RCE on the machine without using any script.

@joshkor40 said:

@UIDEQUALSZERO said:

is anyone getting the following error with one of their exploits today?

tunnel = tunnel.group(1)
AttributeError: 'NoneType' object has no attribute 'group'

It was working fine for me yesterday and I changed the parameter accordingly, PM me

Same here bro!

Just read the exploit carefully. Try to understand what it does.
A tip: Use a proxy like burp and understand why the error occurs and what you will have to change.

Can someone PM me with help on root? I know I am missing something super easy. Haven't slept in a day, so that isn't helping ha. I've got a reverse shell up now.

Why, when resetting the machine, can't I find the right module to use in the web app?
My friend is able to find the module on another server. The machines would look different.

For initial admin access, if the exploit is not working check that path or maybe it is not the right one!!!

I can't upload any package. They all give Name Errors. Help?

Thanks to @mogyub for helping me with a weird shell spawn issue! Not sure if something was going on in the machine. Kept getting asked for encryption keys and other odds and ends. Fun stuff! :bleep_bloop:

503 error occurs all the time today… you just can't do much when the site is down! WTF is going on over there?

Hi guys, I've found the admin login page but can't seem to find the credentials. I've found a config.php file but it's just blank and then every time I go to the homepage I'm getting a 503 error. Would anyone be able to help me and push me in the right direction please? Struggling to even get user! Thanks