I’ve a TTY shell, I enumerated all I could an I tried multiple priv esc kernel exploits that didn’t work. I’m in the w**-***a user. I will apreciate some hints.
No need for kernel exploits. The priv esc sticks out in your basic enumeration, so you have to look a bit closer. Took me 5 Minutes and I am not the best hacker, just ran my basic stuff, something sticks really out because it should not be there.
Also to everyone doing the box: Don’t mess with the index.php, that is the laziest way to get your RCE, and in the field would put you into a lot of trouble. Also it is not fun for the people who are here to learn a thing or two, so maybe if you are messing around the next time, think a few steps ahead.
Ty for the hint. I know where I can use the s*** command, the problem is that it’s asking me for the w**-***a passwrd. I’ve tried multiple args ans stuff but nothing worked
Type your comment> @HackSh00t said:
I've a TTY shell, I enumerated all I could an I tried multiple priv esc kernel exploits that didn't work. I'm in the w**-***a user. I will apreciate some hints.
No need for kernel exploits. The priv esc sticks out in your basic enumeration, so you have to look a bit closer. Took me 5 Minutes and I am not the best hacker, just ran my basic stuff, something sticks really out because it should not be there.
Also to everyone doing the box: Don't mess with the index.php, that is the laziest way to get your RCE, and in the field would put you into a lot of trouble. Also it is not fun for the people who are here to learn a thing or two, so maybe if you are messing around the next time, think a few steps ahead.
Ty for the hint. I know where I can use the s*** command, the problem is that it’s asking me for the w**-***a passwrd. I’ve tried multiple args ans stuff but nothing worked
I’ve a TTY shell, I enumerated all I could an I tried multiple priv esc kernel exploits that didn’t work. I’m in the w**-***a user. I will apreciate some hints.
No need for kernel exploits. The priv esc sticks out in your basic enumeration, so you have to look a bit closer. Took me 5 Minutes and I am not the best hacker, just ran my basic stuff, something sticks really out because it should not be there.
Also to everyone doing the box: Don’t mess with the index.php, that is the laziest way to get your RCE, and in the field would put you into a lot of trouble. Also it is not fun for the people who are here to learn a thing or two, so maybe if you are messing around the next time, think a few steps ahead.
Ty for the hint. I know where I can use the s*** command, the problem is that it’s asking me for the w**-***a passwrd. I’ve tried multiple args ans stuff but nothing worked
In case it helps, I think I know why the box throws so many 503s.
Before you install an extension, make sure the FIRST CHECKBOX (Put store on the maintenance mode while installing/upgrading/backup creation) is unchecked… But then again, I might be wrong.
As for the FIleSystem menu option, it does not come by default. So every time you have seen it, someone else had installed it, so a reset will remove it… just saying.
I have been able to find the snake and made it lead me inside the panel
however, because of this sick 503 i had to subscribe in the VIP.
Unfortunately, i have been trying to access the panel with the same snake but it is not allowing me at all !!! Is there a difference or what is the issue here??
I was able to load what is necessary for the a**** portal and ct showed successful on upload but I am still not seeing it as an option in pannel, in ct everything looks great. Any nudges?
@badman89 said:
ok cheers @Thomasian , seems to be ok now ive moved server! any hint on where to get the file i need to upload have one but says connect error unsupported resource type
Uploading through M****** Con**** might put it into maintenance mode. I did not upload my shell there. I am not saying you can’t do it there but there is an easier way to upload you shell without creating your own extension package file for your shell.
Could you provide some hint do this? I’m struggling with the M**** Con**** and I can’y figured out how can I upload my shell.
Tks
EDIT: I Rooted this machine after 1 day. The elevate privilegie is quite simple. PM for help!
So I have my own creds from the first RCE, and I’m in the admin panel. I’m trying the 2nd, directly on the DashC**.php page, but getting a 500: Internal Server Error. Using it on any other page or URL fails as the regex function in the code can’t find the string it’s looking for.
why do I feel that they sweep up the whole box at once
I just got the shell and then it became laggy and finally my shell is gone oh wait the whole directory is gone !!
Could someone please point me to the correct extension?
I downloaded an extension, modified it a little by inserting something in and then uploaded it back. No errors, but also no shell… tried 3 different shells, so it is probably not the way I should be going
Any advice?
Update: I had to reset the box - it worked afterwards. And root was really easy! When something like “that” is in place just go for the root shell directly.