Swagshop

Learning loads but I can’t get my reverse-shellto connect back to my Kali instance. Had the same issue with the other box that I’m trying. I have edited the reverse shell script to point back to Kali but to no avail. Any pointers anyone? Am I using the correct IP address, do I need to open up the port in Windows firewall?

The 503s are driving me crazy. Please stop being dumb, k thx.

User was really easy, root was what I found tricky. This box is so unstable though, my god. I had to re-exploit and get my user shell back at least 20 times.

this box was frustrating because of all of the reboots. If you watch the shoutbox then you can see how many folks request restarts on the box. Was a fun box though. The root was interesting.

Got root! 12 hours to get user flag, 30s to get root.
It’s ok to pm me for questions.

hi all there, i am starting this machine from scratch. if someone wants to join for study/growth pls pm me. tnx

I get shell on site, i’m blocked, some hint ?
Work on this machine it’s impossbile!!

Hello, I just started on htb. Does buying VIP get me another machine that is separate from what is public? I am 99% sure I know what to do, but I get maybe 90 seconds from reset to 503 again. My reverse shell was closing immediately on connecting, but I changed my file upload and I believe it should work now.

I’m tired about so many reboots.

Type your comment> @neatzsche said:

Hello, I just started on htb. Does buying VIP get me another machine that is separate from what is public? I am 99% sure I know what to do, but I get maybe 90 seconds from reset to 503 again. My reverse shell was closing immediately on connecting, but I changed my file upload and I believe it should work now.

VIP will indeed get you access to one of about 40 much, much quieter servers. You still see the occasional other soul in there, but I often have a box to myself, especially for the less new boxes. Well worth it imho.

I got root flag and trying access the shop
swags not free!!!

owned swagshop !!!

User owned! It was quite easy even for lame like me :wink: Many say owning root flag on that machine is much easier than users but it doesn’t look this way for me. Idk what else I can enumerate having user (www-data) access already ? Sudo is not working - I mean I still need user pass… Changing user pass is not working either because of current pass. Any tips ?

Finally rooted. Has anyone managed to get a user shell with “frog”? Could get the user flag but not RCE. Wasted quite some time but thought it would have been nicer than what seems to be the most common way.

User: can’t add much too what has been said (just some extra patience with all the resets…)
Root: you have what it takes but where?

Nice machine.
it is not so easy get user because a lot of reset
root is quite simple with a good enumeration
thanks to @ch4p

please can someone give me a hint on getting the credentials?

Type your comment> @dewille said:

Sudo is not working - I mean I still need user pass…

Check your syntax. You do not need the user password to sudo if you use it correctly.

I’ve gotten to the point where I can run commands on the server as wa using cl, but am having a really hard time establishing a reverse shell. I’ve tried some of the usual commands and scripts. Does anyone have any pointers or ideas on how to troubleshoot this?

Struggling to get a foothold here. Can anyone spare a PM, I had tried a few exploits but I suspect need to change the path. Not sure to what though.
← Just a sad kitty right now…

Rooted, feel free to dm me if you are struggling. that was a fan box