Hint for HELP

Manage to get root without obtaining credentials via the Shiv query, if anyone could enlighten me via PM what the query is I would be grateful as I am intrigued.

Anyone seeking nudges feel free to PM me.

Can anyone point me in the right direction? I tried all the different ports but keep getting “WARNING: Failed to daemonise. This is quite common and not fatal. Connection timed out (110)”, someone mentioned firewall but I’m lost right now.

Type your comment> @lufee said:

Can anyone point me in the right direction? I tried all the different ports but keep getting “WARNING: Failed to daemonise. This is quite common and not fatal. Connection timed out (110)”, someone mentioned firewall but I’m lost right now.

ahh… figured it out

Type your comment> @lufee said:

Can anyone point me in the right direction? I tried all the different ports but keep getting “WARNING: Failed to daemonise. This is quite common and not fatal. Connection timed out (110)”, someone mentioned firewall but I’m lost right now.

Pretty sure that’s a message coming from your php reverse shell. If you are listening to the port specified in the reverse shell code and you get a shell it mostly shouldn’t matter. Reasons as to why can be examined within the code :slight_smile:

hey guys, rooted this box already but could someone pm me about the port 3*** method you used as i would love to learn about it

Type your comment> @bluealder said:

@shadowdriu said:

@bluealder said:
I am so confused, I managed to get user without too much trouble, but now I’m struggling super hard with root, unlike everyone else on this box ahhh! If someone could give me nudge for root I would really appreciate that!

Also struggling to get root. Help would be appreciated.

Legit got it 5 mins after posting this, was strugling on it for a day or two ■■■■. PM if you need a hand

just tell me which port should i use to exploit 80 or 3000
as node.js app didnt gave its profile cookie…help me if u can thanks

Can someone PM me for a nudge, I’ve found the exploit and edited it to aim at the webserver. I’ve uploaded a file which claims is not allowed but looking at the application’s source code, this shouldn’t be a problem. My local time and the server’s time are in sync. Still failing however.

Hi - Is there anyone who can PM me to give a hint on where I am going wrong with this box…I am almost there I think.

I’ve found the user and pass, but still no luck of finding app. the apache seems not working for me… any hints ?

This is very nice box! Got root and user, by time and kernel. Will try the other way too. Thanks!

Type your comment> @karelchajim said:

This is very nice box! Got root and user, by time and kernel. Will try the other way too. Thanks!

@karelchajim said:
This is very nice box! Got root and user, by time and kernel. Will try the other way too. Thanks!

Same here but the 3*** port thing is new for me. If you give me some help will be apreciated.

Type your comment> @srsamuka said:

Type your comment> @karelchajim said:

This is very nice box! Got root and user, by time and kernel. Will try the other way too. Thanks!

@karelchajim said:
This is very nice box! Got root and user, by time and kernel. Will try the other way too. Thanks!

Same here but the 3*** port thing is new for me. If you give me some help will be apreciated.

Identical situation…

Rooted (using no-creds method). Was actually more of a challenge than expected. I mainly had some struggle editing the exploit.

I’m curious though: I didn’t find nor need credentials. Could anyone pm me how they got credentials and what they used them for?

Rooted and User pwned. PM if you need help. Definitely if you’re trying to get the points before it retires. Relatively straight forward box concerning thought process after enumeration.

anyone got a hint for root for this box i got user but my exploit isnt working if you can help dm me here or on discord: Citadel#1014 thanks

Finally Rooted !! Thanks @GibParadox and @MalwareMonkey

nice box, PM for hints if needed.

Type your comment> @oXmix said:

I have tried all the possible steps:
submit ticket :-
step 1 file supported
1: change time zone to L0
2: upload s
e
* with extention (no luck)/ call it back after changing the ‘x’ range

step 2 er: file not supported (no luck)
yes I have changed php -reverse -shell already using (/usr/share/webshell/php/reverse*)

in exploit not sure what code should I use ?
currentTime= (???)
Thanks

rooted

I’ve been working on this box for a few hours now. Following Ippsec’s guide to figure out how to fix the exploit - I keep getting the same error that it cannot find my uploaded file and I am not sure what I am doing wrong at this point. the path is correct, the timestamp is correct, I make sure to time the exploit. Can anyone tell me if there is a crucial step I am missing?

It sucks then an easy box is the one to break you … eye opener !