thanks for the help guys!
now if anyone wants to help with poppin root action … much appreciated… i’ve tried a bunch… seems like i’m going in circles
im not being rude but it seems that you want others to hack your boxes using your fingers ? its the most basic enumeration ever, if you cant figure this one out … question mark
Guys I changed the github code accordingly, even bypassed the file upload thing, yet not finding the file in the server. Can someone please pm for a hint please?
Hi everyone. I got user yesterday, but didn’t get root before I had to move onto other things. Now… using the exact commands and files I used yesterday, I can’t get user again. Any ideas? It just keeps coming back as not finding anything.
EDIT: Never mind, I altered the py script to give more tries before giving up and I got the shell again. Root!
@mystory20 said:
I am lost in the file extension bypassing
any hint for that?
I have tried with different extension and modifying the content type
but none of them work
Apart from the unauthenticated way,
I have no idea on constructing the n***.*s query
Thanks in advance
same here. i can find my jpeg file with exploit script but stuck on bypassing the file extension filter … hints will be appreciated.
Thanks.
Check the source code and exploit it will definitely help u
does anyone know what this message means ?
WARNING: Failed to daemonise. This is quite common and not fatal. Connection timed out (110)
this is the message i get while i link to the shell i’ve uploaded… and it’s not connecting back to my listener…
can anyone help please?
edit: oops… i’m an idiot… firewall. duh.
thanks for helping a newb like me guys… much appreciated!
if anyone needs a push in the right direction i’ll be willing to help! just pm
This is my second machine, just after advise on how I should start this machine off. Just an application name I should look into, just so I can enhance my learning. PM me please.
i’ve tried everything google and searchsploit has to offer with this file extension filter, any hints would be much appreciated
check the sourcecode of the file upload of helpdeskz on their github repo and try to understand what exactly happens on uploading a file
from what i see it only appends the very last file extension, so double extension doesn’t work. tried inserting null byte and still nothing. i’ll keep looking but for whatever reason i’m not seeing it yet
I have tried all the possible steps:
submit ticket :-
step 1 file supported
1: change time zone to L0
2: upload se* with extention (no luck)/ call it back after changing the ‘x’ range
step 2 er: file not supported (no luck)
yes I have changed php -reverse -shell already using (/usr/share/webshell/php/reverse*)
in exploit not sure what code should I use ?
currentTime= (???)
Thanks