onetwoseven

thanks for helping @Chrix87 and @S4d0w :slight_smile:

Whatā€™s with the blank page as a response at the upload?
I think i am making the necessary changes on the ā€œclient-sideā€ part.

I got the information that I needed from the strange extension file. I know that I have to tunnel. However, I am not entirely sure what the right command is, as I get a message saying :

service allows **** connections only

Any help will be appreciated.

Type your comment> @badwolf said:

I got the information that I needed from the strange extension file. I know that I have to tunnel. However, I am not entirely sure what the right command is, as I get a message saying :

service allows **** connections only

Any help will be appreciated.

You need to create the tunnel but not necessarily keeping the connection open, there is a specific parameter for that :wink:

Type your comment> @avetamine said:

You need to create the tunnel but not necessarily keeping the connection open, there is a specific parameter for that :wink:

What? That makes sense, however I couldnā€™t find such parameter in man ssh. I have to look more carefully

@badwolf said:
Type your comment> @avetamine said:

You need to create the tunnel but not necessarily keeping the connection open, there is a specific parameter for that :wink:

What? That makes sense, however I couldnā€™t find such parameter in man ssh. I have to look more carefully

Its a paremeter that is you commonly used along with port forwarding where command execution is not required, thats all i can say from here. :wink:

Oh, right. I get it now. I know what parameter you refer to. Thanks

I am doing this box and would need some hints on the initial foothold. I have some info but I dont know how to proceed

Im an utter noob, been spending 5+ hours trying to get user.

anyone be so kind to PM me just to point me in the right direction?
I dont want straight answers, just directions :slight_smile:
I can also explain what I have done (tried rather) and anyone can correct me or assert my progress in the right directions.

Thanks!!

Type your comment> @gregX01 said:

I am doing this box and would need some hints on the initial foothold. I have some info but I dont know how to proceed

  1. one POST params could be exploitable for OS commands
  2. By using 1st hint, you could download two .pem files
  3. combine them to generate .pfx file (Convert a PEM Certificate to PFX format)
  4. use hint3, to be able to access web application on higher port
  5. on higher port, you will get access to ssh later nfs
    ā€¦

I am at the high port panel with no creds. I cannot figure out what to use within S**P. Can anyone throw me a bone? Or a PM?

done.

Thanks @billycontras, @Chrix87, @m4xp0wer and @Wingadium for all the tips and help for me to get root. Box was really hard. To anyone who needs help, feel free to pm me :slight_smile: good luck have fun

Type your comment> @azasdf74M said:

Type your comment> @gregX01 said:

I am doing this box and would need some hints on the initial foothold. I have some info but I dont know how to proceed

  1. one POST params could be exploitable for OS commands
  2. By using 1st hint, you could download two .pem files
  3. combine them to generate .pfx file (Convert a PEM Certificate to PFX format)
  4. use hint3, to be able to access web application on higher port
  5. on higher port, you will get access to ssh later nfs
    ā€¦

I think you are in the wrong thread. Those hints are usefull for another active box. i whish the best of fortunes to you!

Cheers!

Good box, but itā€™s definitely been frustratingā€¦ gone through quite a lot but not able to upload the plugin :confused: Would like to get some tips on how to bypass the disabled addons upload (Does it have something to do with the strpos R******_U** and the preg_match check?)

What a fun box! Finally rooted. PM me for Hints.

Figured it out, time for shell> @D4nch3n said:

Good box, but itā€™s definitely been frustratingā€¦ gone through quite a lot but not able to upload the plugin :confused: Would like to get some tips on how to bypass the disabled addons upload (Does it have something to do with the strpos R******_U** and the preg_match check?)

Stranded at the end of the tunnel, with a login screen to the admin panel.

So far so good, also found a couple other interesting files and directories. So, can you find some credentials somewhere for that panel?

Or should I try to work without any credentials. Might be possible, but I donā€™t quite know how, especially since I canā€™t look at the important files in that directoryā€¦ Any help would be appreciated.

Or do I even need to run Hydra against the admin panel which might be tricky, due to the tunnelā€¦

Cheers,
WTW

Type your comment> @walksthewires said:

Stranded at the end of the tunnel, with a login screen to the admin panel.

So far so good, also found a couple other interesting files and directories. So, can you find some credentials somewhere for that panel?

Or should I try to work without any credentials. Might be possible, but I donā€™t quite know how, especially since I canā€™t look at the important files in that directoryā€¦ Any help would be appreciated.

Or do I even need to run Hydra against the admin panel which might be tricky, due to the tunnelā€¦

Cheers,
WTW

Credentials are in file stored on the tatget box

Hey all

Iā€™m having real trouble with the upload part of the box, been trying for a week. Iā€™ve been trying to use the oma**** plugin to upload my file and all i get is ā€œ200 okā€.

I think It might be something to do with the p***_m**** part of the code, but If it is I donā€™t know how to do it.

Iā€™ve been using the default upload options from the menu page just modifying the ā€˜actionā€™ and disabled bit.

Any help would be greatly appreciated.

Thank you.