Swagshop

Type your comment> @DaChef said:

Note for those who ruin the box:
When you are on the “Manager Page” there is a checkbox on top-left, uncheck it before “installing” anything to stop giving everyone 503s!

Thank you!

So I got user, but I’m stuck in a w…-d… shell, with no tty. LinEnum shows me the path to root, but I can’t run anything as su because I don’t have tty. I’ve tried Python, but it’s unavaliable. I can run bash -i, but it still doesn’t give tty. I’ve tried uploading socat, but no go on running the executable either.

Any help?

EDIT: Rooted! Just because your favorite TTY shell upgrade doesn’t work, doesn’t mean a newer version won’t :wink:

Type your comment> @Chrix87 said:

The exploit with the RCE I think has gone, maybe wasn’t the meant way to achieve a shell or maybe too many people abused it and nobody was using the second way.

Something has changed in the tunnel request it can’t return a property of the tunnel variable, the property is null, doesn’t exist 'cause the request is getting no results, must have be changed the URL path, in fact modifying it in the script gives other outputs (and I think with the correct one would start working again if it’s just a path problem and not others things are involded ex: another object being passed if the request is validate which doesn’t have that property anymore).

In my opinion is faster using the second way rather than struggle on how (if it’s possible) get the first one working again.

No clue how you guys utilized other functions to get RCE…

For those struggeling with “tunnel vision” trying to get a shell:
This method still WORKS. But @Chrix87 is right, something is missing. Look at the error message. Now look at your code and see what it actually searches for on the vulnerable page. Also visiting this page gives you a big hint. Now think of how you could get back what’s missing!

ll

Pretty much have the box rooted if I can get in. I was able to get the RCE to work early on before tunnel issues and was close to root. Last few days I have been working on adding a feature, which looks to install successfully but doesn’t show up. If anyone has a nudge to get my shell back, aside from hoping someone else has added the feature please DM. Also if anyone needs a nudge to Root please feel free to DM and I ll help out.

Edit: Got root, connected back in and the addon is there. I would still love to know where I went wrong.

stuck on CMS, I logged in but cannot find a way to get reverse shell. I also tried to upload FileS****m extension but i get error everytime. Please PM me for rev shell part.

If you are making the machine 503, you are doing it wrong

503 is making me cry.

guys, how did you upload shell to admin? via connect?

I felt really dumb after I finally hit root. If someone needs to bounce ideas, message me and let me know where you are and what you’ve tried.

Finally got root! Thanks for the help from @valentinelocke and @Thomasian :slight_smile:

wow … the box was up for like 30 seconds and then crash ola! ahh geez… i dont wanna crash tha box. from reading the forms … it sounds like the upload path is making it do that? pm me for a better spot plz! i dont wanna be that guy… i tried some other spots but they failed :frowning:

wut-oh got in and booted out… that was quick… it’s like a mess of tabs in there… geez…

Type your comment> @dm7500 said:

So I got user, but I’m stuck in a w…-d… shell, with no tty. LinEnum shows me the path to root, but I can’t run anything as su because I don’t have tty. I’ve tried Python, but it’s unavaliable. I can run bash -i, but it still doesn’t give tty. I’ve tried uploading socat, but no go on running the executable either.

Any help?

EDIT: Rooted! Just because your favorite TTY shell upgrade doesn’t work, doesn’t mean a newer version won’t :wink:

@dm7500 said:
So I got user, but I’m stuck in a w…-d… shell, with no tty. LinEnum shows me the path to root, but I can’t run anything as su because I don’t have tty. I’ve tried Python, but it’s unavaliable. I can run bash -i, but it still doesn’t give tty. I’ve tried uploading socat, but no go on running the executable either.

Any help?

EDIT: Rooted! Just because your favorite TTY shell upgrade doesn’t work, doesn’t mean a newer version won’t :wink:

I am struggling at this section now as well. Help would be appreciated. I want to buy some swag too lol

Finally rooted the box, thanks @ch4p for the box.

Type your comment> @andrhtb said:

guys, how did you upload shell to admin? via connect?

Yup, btw there is one other way also to upload the shell look on google for an exploit that came out this year only.

Why does this box keep getting reset? So frustrating :frowning:

edit
Ohh, people 503’ing it… great.

Can someone point me towards the credentials? I did a Wfuzz on all my dictionary files, and looked for the most common extensions as well. Gobuster also gives no love.

If someone on here can help I can current on the admin page trying to do a reverse shell. PM me!

Can someone please pm to discuss this up to user? I got user.txt but I believe it was because someone else activated the sub menu item through the thing i cannot figure how to install.
Note: I did not read anything on the forum in order to not spoil what I should do