Swagshop

Rooted. I know everyone was saying this was easy but I guess this shows how much of a newb I am. Learning from videos is one thing but actually applying it is another.

For user: Find the right python script, after you get to the next step, then find the right reverse shell script.

Root: Get creative with the powers that are already given to you

What in the blue ■■■■ is going on? Am I just a fucking retard? Before you answer that yes, I’ve used the big snake 3, same ■■■■.

python3 -c 'import pty;pty.spawn("/bin/bash");'
Ctrl Z to foreground
stty raw -echo
fg
Enter twice

@PavelKCZ said:

Anyone have an idea why the script always ends with “DID NOT WORK”?

Did you check the script? Check if it needs any modification!

Once you know what to do, keep everything ready and RESET the box (hoping nobody resets for the next few minutes!)

@bobthebuilder said:

Can I get a PM for shell please?

Installing the standard fs package/module works but doesn’t seem to leave any way of accessing it. A custom package leaves folders around instead of my shell.php file (?). I tried logging in/out, rebuilding indexes etc but it doesn’t seem to stick.

How are you installing the package? You should be able to access it by browsing to your PHP file.

Hello guys, I already got user priv. I’m spending like 2h on root priv and it’s blowing my mind because you said that it is much easier…
(s*** command doesn’t work, g** not working either, can’t execute b***) Can someone tell me the right way please?

Just resolved my problem. Really nice machine. I learned a lot…

Learning loads but I can’t get my reverse shell to connect back to my Kali instance. Had the same issue with the other box that I’m trying. I have edited the reverse shell script to point back to Kali but to no avail. Any pointers anyone? Am I using the correct IP address, do I need to open up the port in Windows firewall?

The 503s are driving me crazy. Please stop being dumb, k thx.

User was really easy, root was what I found tricky. This box is so unstable though, my god. I had to re-exploit and get my user shell back at least 20 times.

This box was frustrating because of all of the reboots. If you watch the shoutbox then you can see how many folks request restarts on the box. Was a fun box though. The root was interesting.

Got root! 12 hours to get user flag, 30s to get root.
It’s ok to pm me for questions.

Hi all, I am starting this machine from scratch. If someone wants to join for study/growth, please PM me. Thanks.

I got a shell on the site, I’m blocked, any hint?
Working on this machine is impossible!!

Hello, I just started on htb. Does buying VIP get me another machine that is separate from what is public? I am 99% sure I know what to do, but I get maybe 90 seconds from reset to 503 again. My reverse shell was closing immediately on connecting, but I changed my file upload and I believe it should work now.

I’m tired of so many reboots.

@neatzsche said:

Hello, I just started on htb. Does buying VIP get me another machine that is separate from what is public? I am 99% sure I know what to do, but I get maybe 90 seconds from reset to 503 again. My reverse shell was closing immediately on connecting, but I changed my file upload and I believe it should work now.

VIP will indeed get you access to one of about 40 much, much quieter servers. You still see the occasional other soul in there, but I often have a box to myself, especially for the less new boxes. Well worth it imho.

I got the root flag and am trying to access the shop
swag’s not free!!!

Owned Swagshop!!!

User owned! It was quite easy even for a lamer like me :wink: Many say owning the root flag on that machine is much easier than user’s, but it doesn’t look that way to me. Idk what else I can enumerate, having user (www-data) access already? Sudo is not working - I mean I still need the user pass… Changing the user pass is not working either because of the current pass. Any tips?