Swagshop

Hi, Iā€™m stuck in getting user. I get the tunnel error with the second exploit and I canā€™t find the way to make it work. If someone could PM me to give me a hint, I wold appreciate it. Thanks!

@jajajadex said:

Hi, Iā€™m stuck in getting user. I get the tunnel error with the second exploit and I canā€™t find the way to make it work. If someone could PM me to give me a hint, I wold appreciate it. Thanks!

I came across this error yesterday and the only tip I can give you are unchecking the first options on the M****** C******. (This hint may make sense for you if you read ā€“ and understand ā€“ what is this options for.)

After reverse shell, the privilege escalation is classical as possible. You surely need to understand ā€œpermissionsā€ on Linux. Get the root user of this machine is easy, though. Thatā€™s all. :wink:

Guys, i just rooted the box but thereā€™s no hash in root.txt. Only info about the store. Strange?

@Kapteyns the hash should be at the top of that file :slight_smile:

Just as a hint to help others, to stop you going down a rabbit hole that I have been stuck in the last 24 hoursā€¦ You donā€™t actually NEED a reverse shell to get root (if thatā€™s the method youā€™re going for)ā€¦

Just use your enumeration info to see what you can run and where you can run itā€¦ No need to goā€¦ wild (apologies if this is too huge a hint).

Nevermind, reset worked :wink:

@DrLux0r said:

@Kapteyns the hash should be at the top of that file :slight_smile:

Just as a hint to help others, to stop you going down a rabbit hole that I have been stuck in the last 24 hoursā€¦ You donā€™t actually NEED a reverse shell to get root (if thatā€™s the method youā€™re going for)ā€¦

Just use your enumeration info to see what you can run and where you can run itā€¦ No need to goā€¦ wild (apologies if this is too huge a hint).

Exactly! This rabbit hole stuck me for a few hours.

I am stuck trying to figure out how to get w**-d*** to s**o with v* within the dir that it can for priv esc. I am prompted for a pw every try. Any nudges would be very welcomed, thanks.

@sipfurb said:

I am stuck trying to figure out how to get w**-d*** to s**o with v* within the dir that it can for priv esc. I am prompted for a pw every try. Any nudges would be very welcomed, thanks.

Pay attention to the grant permission you have. (file and directory) ā€“ It is a tiny detail that makes a huge difference.

I am stuck on getting user on the admin panel. could anyone pm me for some hints for a new guy like myself? would very much appreciate it.

Type your comment> @DrLux0r said:

Iā€™ve now successfully rooted and bought myself a shirt! Thanks to @1c4re1337, @jkr and @dorseyhacks :slight_smile:

you welcome :slight_smile: and gg !

Hello Guys,I am really stuck at the tunnel error.Could anyone please just pm a hint on how to fix it,Iā€™ve been at it for two days and itā€™s really annoying

Saw what the privesc was in the time it took to type ā€œthatā€ command after landing on the box and have spent longer than I want to admit trying to get a tty but Iā€™m blocked by a password request. Brains just turned to candyfloss at this point.

Type your comment> @innerHTML said:

Saw what the privesc was in the time it took to type ā€œthatā€ command after landing on the box and have spent longer than I want to admit trying to get a tty but Iā€™m blocked by a password request. Brains just turned to candyfloss at this point.

I went down this hole too. You donā€™t need tty buddy, just keep looking at that command and where you can run it

SwagShop completedā€¦
Can message me for any hintsā€¦

.

Too much resets, too much

Hints that worked for me:

USER: I didnā€™t used the tunnel thing. It was easier with another exploit IMHO, only need a little modification to point to the correct site :slight_smile:
After that there are a lot of documentacion, I saw a video but the file in the comments broke the server, donā€™t use that, try to download the same file from another part but use the contents of the video to achieve the reverse shell.

ROOT: With a common enumeration you can get it.

too many things are present which obviously out of placeā€¦ F**_S** ex** was there already and for admin you just type in those (f** f**) you found. Rooted and then had to figure out how expliot and M*** C*** worked. Root is sooooo easy that you donā€™t even need any tools, just check you permissions and go for it.

@Leonishan said:

Hints that worked for me:

USER: I didnā€™t used the tunnel thing. It was easier with another exploit IMHO, only need a little modification to point to the correct site :slight_smile:
After that there are a lot of documentacion, I saw a video but the file in the comments broke the server, donā€™t use that, try to download the same file from another part but use the contents of the video to achieve the reverse shell.

ROOT: With a common enumeration you can get it.

This file corrupts the server because of the first option checked. If you uncheck that, itā€™ll be ok.

@v01t4ic said:

too many things are present which obviously out of placeā€¦ F**_S** ex** was there already and for admin you just type in those (f** f**) you found. Rooted and then had to figure out how expliot and M*** C*** worked. Root is sooooo easy that you donā€™t even need any tools, just check you permissions and go for it.

This!

Creds on the downloader dashboard doesnā€™t work anymore? Did something happen?