Swagshop

1161719212241

Comments

  • @bobthebuilder said:

    Can I get a PM for shell please?

    Installing the standard fs package/module works but doesn't seem to leave any way of accessing it. A custom package leaves folders around instead of my shell.php file (?). I tried logging in/out, rebuilding indexes etc but it doesn't seem to stick.

    How are you installing the package ? you should be able to access by browsing to your php file.

  • Hello guys i already get user priv. im spending like 2h on root priv and its blowing my mind because you said that is much easy..
    (s*** command dont work, g** not working eather, cant execute b***) can someone tell me the right way please?

  • Juste resolve my problem. Really nice machine. i learned a lot...

  • Learning loads but I can't get my reverse-shellto connect back to my Kali instance. Had the same issue with the other box that I'm trying. I have edited the reverse shell script to point back to Kali but to no avail. Any pointers anyone? Am I using the correct IP address, do I need to open up the port in Windows firewall?

  • The 503s are driving me crazy. Please stop being dumb, k thx.

  • User was really easy, root was what I found tricky. This box is so unstable though, my god. I had to re-exploit and get my user shell back at least 20 times.

  • this box was frustrating because of all of the reboots. If you watch the shoutbox then you can see how many folks request restarts on the box. Was a fun box though. The root was interesting.

  • Got root! 12 hours to get user flag, 30s to get root.
    It's ok to pm me for questions.

    Running for OSCP

  • hi all there, i am starting this machine from scratch. if someone wants to join for study/growth pls pm me. tnx

  • I get shell on site, i'm blocked, some hint ?
    Work on this machine it's impossbile!!

    Hack The Box

  • Hello, I just started on htb. Does buying VIP get me another machine that is separate from what is public? I am 99% sure I know what to do, but I get maybe 90 seconds from reset to 503 again. My reverse shell was closing immediately on connecting, but I changed my file upload and I believe it should work now.

  • I'm tired about so many reboots.

  • Type your comment> @neatzsche said:

    Hello, I just started on htb. Does buying VIP get me another machine that is separate from what is public? I am 99% sure I know what to do, but I get maybe 90 seconds from reset to 503 again. My reverse shell was closing immediately on connecting, but I changed my file upload and I believe it should work now.

    VIP will indeed get you access to one of about 40 much, much quieter servers. You still see the occasional other soul in there, but I often have a box to myself, especially for the less new boxes. Well worth it imho.

    SmallGods

  • I got root flag and trying access the shop
    swags not free!!!

    Hack The Box

  • owned swagshop !!!!

  • User owned! It was quite easy even for lame like me ;) Many say owning root flag on that machine is much easier than users but it doesn't look this way for me. Idk what else I can enumerate having user (www-data) access already ? Sudo is not working - I mean I still need user pass.. Changing user pass is not working either because of current pass. Any tips ?

  • Finally rooted. Has anyone managed to get a user shell with "frog"? Could get the user flag but not RCE. Wasted quite some time but thought it would have been nicer than what seems to be the most common way.

    User: can't add much too what has been said (just some extra patience with all the resets...)
    Root: you have what it takes but where?
  • Nice machine.
    it is not so easy get user because a lot of reset
    root is quite simple with a good enumeration
    thanks to @ch4p

  • please can someone give me a hint on getting the credentials?

  • Type your comment> @dewille said:

    Sudo is not working - I mean I still need user pass..

    Check your syntax. You do not need the user password to sudo if you use it correctly.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • hvahva
    edited June 2019

    I've gotten to the point where I can run commands on the server as w****a using c****l, but am having a really hard time establishing a reverse shell. I've tried some of the usual commands and scripts. Does anyone have any pointers or ideas on how to troubleshoot this?

  • Struggling to get a foothold here. Can anyone spare a PM, I had tried a few exploits but I suspect need to change the path. Not sure to what though.
    <- Just a sad kitty right now...

  • Rooted, feel free to dm me if you are struggling. that was a fan box

  • Type your comment

  • hi!
    i know the version
    i have a good shell
    i know the commands with "super powers" (no pass), but a password is required, when i try to execute the command!
    Can anyone PM?

  • If it asks for a password then you haven't typed it in properly. Recheck what it says you can do without a password. Don't assume you can do anything else.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Type your comment> @3N14C said:

    hi!
    i know the version
    i have a good shell
    i know the commands with "super powers" (no pass), but a password is required, when i try to execute the command!
    Can anyone PM?

    ROOTED!!

  • edited June 2019

    my php reverse shell using the magento con**** is always resolving a directory when I browse to it. Can someone pm me and help me with this.

  • Got it finally. Tip for root, make sure you understand what can you run as *. Then check how can you run an external command within that.
    Is it still asking for a password? then you still don't understand it correctly :)

  • i think i am missing something for the user flag, could anyone pm me for a little hint?

Sign In to comment.