Swagshop

@jajajadex said:

Hi, I’m stuck in getting user. I get the tunnel error with the second exploit and I can’t find the way to make it work. If someone could PM me to give me a hint, I wold appreciate it. Thanks!

I came across this error yesterday and the only tip I can give you are unchecking the first options on the M****** C******. (This hint may make sense for you if you read – and understand – what is this options for.)

After reverse shell, the privilege escalation is classical as possible. You surely need to understand “permissions” on Linux. Get the root user of this machine is easy, though. That’s all. :wink:

Guys, i just rooted the box but there’s no hash in root.txt. Only info about the store. Strange?

@Kapteyns the hash should be at the top of that file :slight_smile:

Just as a hint to help others, to stop you going down a rabbit hole that I have been stuck in the last 24 hours… You don’t actually NEED a reverse shell to get root (if that’s the method you’re going for)…

Just use your enumeration info to see what you can run and where you can run it… No need to go… wild (apologies if this is too huge a hint).

Nevermind, reset worked :wink:

@DrLux0r said:

@Kapteyns the hash should be at the top of that file :slight_smile:

Just as a hint to help others, to stop you going down a rabbit hole that I have been stuck in the last 24 hours… You don’t actually NEED a reverse shell to get root (if that’s the method you’re going for)…

Just use your enumeration info to see what you can run and where you can run it… No need to go… wild (apologies if this is too huge a hint).

Exactly! This rabbit hole stuck me for a few hours.

I am stuck trying to figure out how to get w**-d*** to s**o with v* within the dir that it can for priv esc. I am prompted for a pw every try. Any nudges would be very welcomed, thanks.

@sipfurb said:

I am stuck trying to figure out how to get w**-d*** to s**o with v* within the dir that it can for priv esc. I am prompted for a pw every try. Any nudges would be very welcomed, thanks.

Pay attention to the grant permission you have. (file and directory) – It is a tiny detail that makes a huge difference.

I am stuck on getting user on the admin panel. could anyone pm me for some hints for a new guy like myself? would very much appreciate it.

Type your comment> @DrLux0r said:

I’ve now successfully rooted and bought myself a shirt! Thanks to @1c4re1337, @jkr and @dorseyhacks :slight_smile:

you welcome :slight_smile: and gg !

Hello Guys,I am really stuck at the tunnel error.Could anyone please just pm a hint on how to fix it,I’ve been at it for two days and it’s really annoying

Saw what the privesc was in the time it took to type “that” command after landing on the box and have spent longer than I want to admit trying to get a tty but I’m blocked by a password request. Brains just turned to candyfloss at this point.

Type your comment> @innerHTML said:

Saw what the privesc was in the time it took to type “that” command after landing on the box and have spent longer than I want to admit trying to get a tty but I’m blocked by a password request. Brains just turned to candyfloss at this point.

I went down this hole too. You don’t need tty buddy, just keep looking at that command and where you can run it

SwagShop completed…
Can message me for any hints…

.

Too much resets, too much

Hints that worked for me:

USER: I didn’t used the tunnel thing. It was easier with another exploit IMHO, only need a little modification to point to the correct site :slight_smile:
After that there are a lot of documentacion, I saw a video but the file in the comments broke the server, don’t use that, try to download the same file from another part but use the contents of the video to achieve the reverse shell.

ROOT: With a common enumeration you can get it.

too many things are present which obviously out of place… F**_S** ex** was there already and for admin you just type in those (f** f**) you found. Rooted and then had to figure out how expliot and M*** C*** worked. Root is sooooo easy that you don’t even need any tools, just check you permissions and go for it.

@Leonishan said:

Hints that worked for me:

USER: I didn’t used the tunnel thing. It was easier with another exploit IMHO, only need a little modification to point to the correct site :slight_smile:
After that there are a lot of documentacion, I saw a video but the file in the comments broke the server, don’t use that, try to download the same file from another part but use the contents of the video to achieve the reverse shell.

ROOT: With a common enumeration you can get it.

This file corrupts the server because of the first option checked. If you uncheck that, it’ll be ok.

@v01t4ic said:

too many things are present which obviously out of place… F**_S** ex** was there already and for admin you just type in those (f** f**) you found. Rooted and then had to figure out how expliot and M*** C*** worked. Root is sooooo easy that you don’t even need any tools, just check you permissions and go for it.

This!

Creds on the downloader dashboard doesn’t work anymore? Did something happen?

any hints on admin login