Swagshop

Struggling to get a foothold here. Can anyone spare a PM, I had tried a few exploits but I suspect need to change the path. Not sure to what though.
← Just a sad kitty right now…

Rooted, feel free to dm me if you are struggling. that was a fan box

Type your comment

hi!
i know the version
i have a good shell
i know the commands with “super powers” (no pass), but a password is required, when i try to execute the command!
Can anyone PM?

If it asks for a password then you haven’t typed it in properly. Recheck what it says you can do without a password. Don’t assume you can do anything else.

Type your comment> @3N14C said:

hi!
i know the version
i have a good shell
i know the commands with “super powers” (no pass), but a password is required, when i try to execute the command!
Can anyone PM?

ROOTED!!

my php reverse shell using the magento con**** is always resolving a directory when I browse to it. Can someone pm me and help me with this.

Got it finally. Tip for root, make sure you understand what can you run as *. Then check how can you run an external command within that.
Is it still asking for a password? then you still don’t understand it correctly :slight_smile:

i think i am missing something for the user flag, could anyone pm me for a little hint?

stop putting your stupid shell inside the index.php ■■■, this is gonna make me crazy

Figured it out. Never needed the stable full blown reverse shell after all. Got fixated on that when the answer was very obvious. Fun box and stickers are on their way!

Can I please pm someone about this? I think I have ideas of what I need to do and I think I know why it’s not working but I’m not sure how to resolve it.

Type your comment> @thegoatreich said:

Can I please pm someone about this? I think I have ideas of what I need to do and I think I know why it’s not working but I’m not sure how to resolve it.

PM me bro… :blush:

Fun box, but had to upgrade to VIP as the free machine wasn’t usable, resets every minute … With VIP lab, navigating is very fast and you can start focusing.

Once you have user (I used a reverse shell), root is very very easy.

Finally got a root flag !! :slight_smile:

Anyone willing to give a nudge on the admin part? Got a rev shell, did enumeration, found v*, tried s*** but asks passwd…

Nvm got root, just need to read better

rootdance

First box i hacked. I really liked the experience. Getting user account was a little bit harder than root imo. I really enjoyed the way to get root. Very basic but interesting commands. I learned a lot!

could not privsec with v* always getting “no tty present and no askpass program specified”… feel frustrated…