@mava said:
I’m always getting:
AttributeError: ‘NoneType’ object has no attribute ‘group’
Anybody getting the same error for 3***1.*y
I set the necessary settings in the exploit.
I wouldn’t go down that rabbit hole my friend. Maybe other’s got it to work but there are easier ways in.
Finally rooted this ■■■■■■ thing.
Couple thoughts:
Nothing tickles my fancy quite like hacking an eCommerce site to earn the right to buy some swag. That just really does it for me. I bought everything.
However, the experience on this box was less than ideal. The prominent way in has the side effect of bringing it all down (503’s) and that just sucks. I believe there is a way (some of you noticed a special checkbox…) to stop the 503’s but not everyone reads the forums and is so conscious. There’s also a chance that some of the work may have been done for you already by other hackers, which spoils the fun in my opinion.
Definitely a couple rabbit holes, chased some exploits that just weren’t going to work.
The most difficult thing about this box is being able to do anything on it with all the chaos of resets and 503’s.
USER
Don’t get tunnel vision. (that’s a subtle hint). Don’t edit index.php (this ruins things for everyone else).
ROOT
Understand the syntax and realize that it’s being very prescriptive about what and how. (too vague…?)
Once you find the right tool to get a shell, its all cake from there.
Banged my head a bit to find out how to actually edit things, which I knew was possible via hints. Once you’re in (as admin), try using something that is “ribbed”.
Once you find the right tool to get a shell, its all cake from there.
Banged my head a bit to find out how to actually edit things, which I knew was possible via hints. Once you’re in (as admin), try using something that is “ribbed”.
I’ve already rooted the box, and have no idea what you mean lol
can i get a PM for priv esc. ran enum scripts and see the obvious but hitting the wall on what the issue is. did some google-fu and learned a little bit more about what it means just still confused lol.
@publicist said:
Can someone PM me the package they are using in admin panel? I have the original that was SUPER popular with this exploit and it isn’t packaged properly or I need help with it. I uploaded another one and can only create, copy, delete files…supposed to be able to upload but it’s not sho> @MrSquakie said:
Type your comment> @argot said:
Once you find the right tool to get a shell, its all cake from there.
Banged my head a bit to find out how to actually edit things, which I knew was possible via hints. Once you’re in (as admin), try using something that is “ribbed”.
I’ve already rooted the box, and have no idea what you mean lol
@publicist said:
Can someone PM me the package they are using in admin panel? I have the original that was SUPER popular with this exploit and it isn’t packaged properly or I need help with it. I uploaded another one and can only create, copy, delete files…supposed to be able to upload but it’s not sho> @MrSquakie said:
Type your comment> @argot said:
Once you find the right tool to get a shell, its all cake from there.
Banged my head a bit to find out how to actually edit things, which I knew was possible via hints. Once you’re in (as admin), try using something that is “ribbed”.
I’ve already rooted the box, and have no idea what you mean lol
Condoms are ribbed sometimes lol
Thats the only thing I could think of lol,like is he saying use protection? Still doesn’t make sense lol
Okay so I’m a bit ashamed here, but I kind of cheated getting that initial shell. I knew the exploit that needed to be used, even though when I attempted it, I kept getting ‘did not work’. I knew the credentials it was going to create, so I attempted logging in with these creds to possibly piggyback off of whoever got there before me…it worked. From here I had admin panel access, and was able to get shell + root on my own with minor nudges.
That being said, could someone please PM me and tell me why I was unable to get that first exploit to work? I’m incredibly exhausted and my mind is a bit numb now after working on this machine for a few hours. But I’d love to know how to get that exploit to work.
anyone able to give us a nudge in the right direction? Have been at it for hours trying to get a reverse shell, tried so many different ways and nothing seems to be working
@publicist said:
Can someone PM me the package they are using in admin panel? I have the original that was SUPER popular with this exploit and it isn’t packaged properly or I need help with it. I uploaded another one and can only create, copy, delete files…supposed to be able to upload but it’s not sho> @MrSquakie said:
Type your comment> @argot said:
Once you find the right tool to get a shell, its all cake from there.
Banged my head a bit to find out how to actually edit things, which I knew was possible via hints. Once you’re in (as admin), try using something that is “ribbed”.
I’ve already rooted the box, and have no idea what you mean lol
Condoms are ribbed sometimes lol
Thats the only thing I could think of lol,like is he saying use protection? Still doesn’t make sense lol
Deciphering that message should be added to the crypto challenges lol
Thats the only thing I could think of lol,like is he saying use protection? Still doesn’t make sense lol
Apologies. The hint is rather cryptic. Its one of those “you’ll know when you see it”. Not much different than “tunnel vision” etc. However, you guys got the gist right off the bat! I used a M****** tool that allowed me to get access to index.php (and other .php too). Once you find the name of the tool, the hint will make sense.
Okay so I’m a bit ashamed here, but I kind of cheated getting that initial shell. I knew the exploit that needed to be used, even though when I attempted it, I kept getting ‘did not work’.
It’s intended (i guess) ;).
Just read (and understand) the exploit, the solution should come up easily