Swagshop

Type your comment> @MrSquakie said:

Thats the only thing I could think of lol,like is he saying use protection? Still doesn’t make sense lol

Apologies. The hint is rather cryptic. Its one of those “you’ll know when you see it”. Not much different than “tunnel vision” etc. However, you guys got the gist right off the bat! I used a M****** tool that allowed me to get access to index.php (and other .php too). Once you find the name of the tool, the hint will make sense.

Type your comment> @rumham said:

Okay so I’m a bit ashamed here, but I kind of cheated getting that initial shell. I knew the exploit that needed to be used, even though when I attempted it, I kept getting ‘did not work’.

It’s intended (i guess) ;).
Just read (and understand) the exploit, the solution should come up easily :wink:

This box was SO PAINFUL … Pretty tough bcs everyone is putting their reverse shells in a way it crashes the server … :frowning: well whatever in the end I managed to find a way where I didnt have to rely on the server not having 503 issues… Hit me up if you need a way as well bcs you dont want to waste your time waiting for reset over reset over reset :slight_smile:

Root: Super super ez… basic stuff

Finally rooted. Thanks @elgastiom for the hint for my misunderstanding!

hey any help in the priv esc, please dm
I know what to do but its prompting for something
I tried everything

every time I try to install via CM I get these errors? any hints?

CONNECT ERROR: Package file is invalid
Invalid version, should be like: x.x.x
Invalid stability
Invalid channel URL
Empty authors section
Empty package contents section

Rooted… very funny and i think that it is quite realistic

Hi … please stop to edit index.php, it’s an hour I can’t play ! tnx all

Anyone having trouble with an invalid Package file, there are multiple sources on the internet where you can get it from.

EDIT: Trying to get root now, I know exactly what I need to do but I keep getting “no tty present and no askpass program specified” despite whatever I try to do… can anyone PM me with help?

Type your comment> @rumham said:

Okay so I’m a bit ashamed here, but I kind of cheated getting that initial shell. I knew the exploit that needed to be used, even though when I attempted it, I kept getting ‘did not work’. I knew the credentials it was going to create, so I attempted logging in with these creds to possibly piggyback off of whoever got there before me…it worked. From here I had admin panel access, and was able to get shell + root on my own with minor nudges.

That being said, could someone please PM me and tell me why I was unable to get that first exploit to work? I’m incredibly exhausted and my mind is a bit numb now after working on this machine for a few hours. But I’d love to know how to get that exploit to work.

Look at the exploit code and you’ll understand it yourself, trust me :slight_smile:

So, at the root stage of things. I can launch a terminal, i see what you should be able to run but when I do it still asks for a pw. Kind of stuck at that point for now, anyone able to nudge me in the right direction?

Getting tons of DMs here on root. The thing you see but get prompted for a password, the space isnt a delimiter, that is all one command.

Very fun machine. Might cop some swag later :slight_smile:
User: Google will do the trick, there are plenty of exploits out there. There is one python script that will give you credentials but you need to make some tweaks to it. After that google again and you’ll find an article that shows you how to get RCE.
Root: Even easier, the vector will show itself on the first steps you should take when enumerating a system. You might face some trouble with TTY but the number 3 will make the difference (huge hint here) once you can execute what you want just grab that root flag
Hack The Box

Every time I make headway, someone either messes up with the index page or restart the machine.

Almost at the root, but struggling to get stable machine…:frowning:

if I get one more 503 I will cry myself into a coma tonight

503’d already, put me out of my misery merciful gods above

Why just why??? Please just pay attention to what you’re doing. And never forget a pen tester destroying a website this way would have gotten into much trouble. So please remember be a good professional and considerate person to all.

Thank you very much!

Edit: Apparently I am asking to much from people. Well more 503 all the time

A neat box, few things should be reiterated, even though it has been said multiple times.
When you get access to admin panel and you decide to put your reverse shell, PLEASE be considerate about others. If you see someone else code, do not edit it and drop their shell. PLEASE do not edit the index page. There are enough files access to you which you can modify. Just use common sense.

User: Enumerate on the app, nothing fancy.
Root: Check what you have access to.

Cheers for the box.

Can someone tell me, after you gain access to the web interface, does the next step to deploying a shell involve another CVE, or is it just knowing your way around the admin console? I have quite a bit of experience with WP and deployed a magento site years ago. The fact that I can only seem to find front end editing tools is killing me.

Just owned root on this box.
Thanks @dfgben for helping me a lot in privesc
A good box during initial enumeration but later on it becomes very painful when we get 503 and resets in every 2-5 minutes.
PLEASE DONT OVERWRITE SYSTEM FILES!!
It will help everybody else and save their time.

USER : Keep enumerating until you find some panel. Google and look for bugs in the vulnerable version. Some might dont work but keep looking for other ways. If there is certain tab not there sometimes, search for it on google. Then upload it manually and enjoy :stuck_out_tongue:

ROOT: Very easy it just in front of you. Run a enum script
Read the whole line very carefully after getting something from enumeration otherwise you might lose a lot of time.

In all, good box.

Rooted :slight_smile:

It was a Fun ride! Cool box!

Thanks @KaiserPhoenix for the help.

PM me for Help :slight_smile: