Swagshop

Hello, I just started on htb. Does buying VIP get me another machine that is separate from what is public? I am 99% sure I know what to do, but I get maybe 90 seconds from reset to 503 again. My reverse shell was closing immediately on connecting, but I changed my file upload and I believe it should work now.

I’m tired of so many reboots.

@neatzsche said:

> Hello, I just started on htb. Does buying VIP get me another machine that is separate from what is public? I am 99% sure I know what to do, but I get maybe 90 seconds from reset to 503 again. My reverse shell was closing immediately on connecting, but I changed my file upload and I believe it should work now.

VIP will indeed get you access to one of about 40 much, much quieter servers. You still see the occasional other soul in there, but I often have a box to myself, especially for the less new boxes. Well worth it imho.

I got the root flag and am trying to access the shop.
Swag’s not free!!!

Owned Swagshop!!!

User owned! It was quite easy even for a lamer like me :wink: Many say owning the root flag on that machine is much easier than user’s, but it doesn’t look that way to me. Idk what else I can enumerate having user (www-data) access already? Sudo is not working - I mean I still need the user pass… Changing the user pass is not working either because of the current pass. Any tips?

Finally rooted. Has anyone managed to get a user shell with “frog”? Could get the user flag but not RCE. Wasted quite some time but thought it would have been nicer than what seems to be the most common way.

User: can’t add much to what has been said (just some extra patience with all the resets…)
Root: you have what it takes but where?

Nice machine.
It is not so easy to get user because of a lot of resets.
Root is quite simple with good enumeration.
Thanks to @ch4p

Please can someone give me a hint on getting the credentials?

@dewille said:

> Sudo is not working - I mean I still need user pass…

Check your syntax. You do not need the user password to sudo if you use it correctly.

I’ve gotten to the point where I can run commands on the server as wa using cl, but am having a really hard time establishing a reverse shell. I’ve tried some of the usual commands and scripts. Does anyone have any pointers or ideas on how to troubleshoot this?

Struggling to get a foothold here. Can anyone spare a PM? I have tried a few exploits but I suspect I need to change the path. Not sure to what though.
← Just a sad kitty right now…

Rooted, feel free to DM me if you are struggling. That was a fan box.

Hi!
I know the version.
I have a good shell.
I know the commands with “super powers” (no pass), but a password is required when I try to execute the command!
Can anyone PM?

If it asks for a password then you haven’t typed it in properly. Recheck what it says you can do without a password. Don’t assume you can do anything else.

@3N14C said:

> Hi!
> I know the version.
> I have a good shell.
> I know the commands with “super powers” (no pass), but a password is required when I try to execute the command!
> Can anyone PM?

ROOTED!!

My PHP reverse shell using the Magento con**** is always resolving a directory when I browse to it. Can someone PM me and help me with this?

Got it finally. Tip for root: make sure you understand what you can run as *. Then check how you can run an external command within that.
Is it still asking for a password? Then you still don’t understand it correctly :slight_smile:

I think I am missing something for the user flag. Could anyone PM me for a little hint?