Hint for HELP

Rooted. Might someone get in touch with me to discuss the higher port method?

Rooted!

Thanks to @jacknife for the hint on Root, and to @ecro80 for the hint on the code.

Happy to assist too.

Check port 3000, then find the ticket using the support center header name. Be sure of your GMT time.

I’ve tried everything Google and searchsploit have to offer with this file extension filter, any hints would be much appreciated

@Reiahx01 said:

I’ve tried everything Google and searchsploit have to offer with this file extension filter, any hints would be much appreciated

Check the source code of the file upload of HelpDeskZ on their GitHub repo and try to understand what exactly happens on uploading a file :wink:

@Enyone said:

@Reiahx01 said:

I’ve tried everything Google and searchsploit have to offer with this file extension filter, any hints would be much appreciated

Check the source code of the file upload of HelpDeskZ on their GitHub repo and try to understand what exactly happens on uploading a file :wink:

From what I see it only appends the very last file extension, so double extension doesn’t work. Tried inserting a null byte and still nothing. I’ll keep looking but for whatever reason I’m not seeing it yet

I have tried all the possible steps:
submit ticket :-
step 1 file supported
1: change time zone to L0
2: upload s
e
* with extension (no luck)/ call it back after changing the ‘x’ range

step 2 er: file not supported (no luck)
yes I have changed php -reverse -shell already using (/usr/share/webshell/php/reverse*)

in exploit not sure what code should I use ?
currentTime= (???)
Thanks

Whenever I upload the exploit and compile it, I get an invalid argument error. I can run it fine from my webshell, but it does not work from the actual pty shell.

rooted!!! finally!!!

need hint to proceed with .*s or shell upload, or port 80

Managed to get root without obtaining credentials via the Shiv query. If anyone could enlighten me via PM as to what the query is, I would be grateful, as I am intrigued.

Anyone seeking nudges feel free to PM me.

Can anyone point me in the right direction? I tried all the different ports but keep getting “WARNING: Failed to daemonise. This is quite common and not fatal. Connection timed out (110)”, someone mentioned firewall but I’m lost right now.

@lufee said:

Can anyone point me in the right direction? I tried all the different ports but keep getting “WARNING: Failed to daemonise. This is quite common and not fatal. Connection timed out (110)”, someone mentioned firewall but I’m lost right now.

ahh… figured it out

@lufee said:

Can anyone point me in the right direction? I tried all the different ports but keep getting “WARNING: Failed to daemonise. This is quite common and not fatal. Connection timed out (110)”, someone mentioned firewall but I’m lost right now.

Pretty sure that’s a message coming from your php reverse shell. If you are listening to the port specified in the reverse shell code and you get a shell it mostly shouldn’t matter. Reasons as to why can be examined within the code :slight_smile:

Hey guys, rooted this box already, but could someone PM me about the port 3*** method you used, as I would love to learn about it

@bluealder said:

@shadowdriu said:

@bluealder said:
I am so confused, I managed to get user without too much trouble, but now I’m struggling super hard with root, unlike everyone else on this box ahhh! If someone could give me nudge for root I would really appreciate that!

Also struggling to get root. Help would be appreciated.

Legit got it 5 mins after posting this, was struggling on it for a day or two ■■■■. PM if you need a hand

Just tell me which port I should use to exploit, 80 or 3000,
as the Node.js app didn’t give its profile cookie… help me if you can, thanks

Can someone PM me for a nudge? I’ve found the exploit and edited it to aim at the webserver. I’ve uploaded a file which it claims is not allowed, but looking at the application’s source code, this shouldn’t be a problem. My local time and the server’s time are in sync. Still failing, however.

Hi - Is there anyone who can PM me to give a hint on where I am going wrong with this box…I am almost there I think.

I’ve found the user and pass, but still no luck finding the app. The Apache seems not to be working for me… any hints?

This is a very nice box! Got root and user, by time and kernel. Will try the other way too. Thanks!