onetwoseven

Type your comment> @jaras said:

Type your comment> @virtualgoth said:

OK, I think I need some more help here… SFTP really seems to be a dead-end. I’ve looked at all the commands and none of them seem useful to me I’ve looked at all the commands with help, tried ridiculous stuff and nothing is working. I’ve tried tunneling to the high port and SSH tells me to ■■■■■■ off. I don’t need the whole Scooby-Doo rundown but I’m struggling here peeps. Any other suggestions?

SFTP is not a dead end. Think about how Apache may interpret some information differently than the SFTP environment. SSH tunneling does not require terminal connection, if you pass the correct option to it.

for those struggling with sftp. Any hint after that is a spoiler

I have tunneled correctly but keep getting forbidden on everything. Can someone dm me a hint?

Spoiler Removed

For the last step of root, it seems like it can be done by combining some readily available tools on a typical Kali box, or you can roll your own (trying not to give a spoiler here) – I’ve gotten this as a hint. I have already tried the former and now I’m trying the latter. I have my own custom solution that should work, but seemingly due to the intricacies of a** I get some weird behavior based on what I use as a “backend”.

Could someone that also wrote their own solution perhaps give me a message so I can discuss my solution with them and perhaps learn why mine doesn’t work yet?

I also had some weird behavior reaching a certain port earlier on the box and I’m starting to wonder if this is related to my problems with the root part.

Edit: Got root. There is no need to write your own custom solution for the p**** server part like I did, it only complicated everything a lot. Thanks to those that decided to help me!

Hi. Need a help with privesc part on onetwoseven box) PM me please)

Rooted. Good workout for the brain.
PM if u need a nudge.

Boys… I need your Help.
I’am at that point where i’m supposed to connect to the high port to the server…
OK! Done (using s** tu**el)… BUT… when i’m trying to go to the website BAM! White Blank page…
No errors occurs… Absolutely nothing…Trying to play around with that searching for some response except “not found” but nothing… I m lost… i can see some directory but they’re can’t go anywhere… 60080 SKITTLES TO THE ONE WHO HELP ME!

Edit: Got the user.txt… Painfull… But its ok! It’s part of the game… No lets back on track to get root… Thanks to @m4xp0wer and @Razzty for the nudges! <3

Holy ■■■■ - never again. During this box I had all mental states - from stoic, madness, happiness, depression and boredom. But learned a lot - probably more than I would do on few lesser boxes together.
Thanks to @s4d0w and @M4xp0wer for giving me nudges - respect to you my friends. Without you guys I would never do it on my own. Thank you again.

Guys, keep fighting. Feeling of relief after this box is refreshing :+1:

Hello,

I am stuck on the initial foothold. I have managed to find the credentials, sftp in and even tunnel but I cannot sftp in on the high port with the found credentials or access the admin panel.

I have also tried all of the commands within sftp and found that none of them work. I then tried to upload a reverse shell script and that wouldn’t do anything either.

So, now I am stuck. Please PM me for any hints. Thanks.

Well can I get help in plugin-upload, because when I’m submitting my plugin it is giving me 404
I think I’m at last stage of pwning it, need some help please pm

Spoiler Removed

Just rooted…
A very fun box, and very original in almost every aspect and every step, especially the shell and root process…

Thanks a lot @jkr for this awesome box, keep making similar boxes :slight_smile:

for root part, google a**-g** MITM helps a lot .
another tip is : Build a real D** server rather than edit hosts .
Thanks a lot @jkr for this awesome box. it’s so nice and clean.

Root obtained.

Thanks @jkr and everyone for their help.

Hit me up if you need a nudge though this topic already provides plenty of hints.

thanks for helping @Chrix87 and @S4d0w :slight_smile:

What’s with the blank page as a response at the upload?
I think i am making the necessary changes on the “client-side” part.

I got the information that I needed from the strange extension file. I know that I have to tunnel. However, I am not entirely sure what the right command is, as I get a message saying :

service allows **** connections only

Any help will be appreciated.

Type your comment> @badwolf said:

I got the information that I needed from the strange extension file. I know that I have to tunnel. However, I am not entirely sure what the right command is, as I get a message saying :

service allows **** connections only

Any help will be appreciated.

You need to create the tunnel but not necessarily keeping the connection open, there is a specific parameter for that :wink:

Type your comment> @avetamine said:

You need to create the tunnel but not necessarily keeping the connection open, there is a specific parameter for that :wink:

What? That makes sense, however I couldn’t find such parameter in man ssh. I have to look more carefully

@badwolf said:
Type your comment> @avetamine said:

You need to create the tunnel but not necessarily keeping the connection open, there is a specific parameter for that :wink:

What? That makes sense, however I couldn’t find such parameter in man ssh. I have to look more carefully

Its a paremeter that is you commonly used along with port forwarding where command execution is not required, thats all i can say from here. :wink: