@TazWake The question is: I don't know how to download the plugins. Could you please give me some hints via PM?
I dont think this is a spoiler - the plugins have a little link next to them which says (dl) - if you click the link, you download the raw plugin for analysis.
I would also use burp a lot on this bit so you can see exactly what headers are sent and what, if any, redirection happens.
Oh boy and I just lost, I connect to S**P but I can’t get any useful things to happen. If anyone has any hints they want to PM me feel free, I need all the help I can get for user
Ok, that box was extremely difficult. I have done a similar attack on a pentest as is required to get root on this, but it was still a challenge.
Recommendations: User:
Just because you can’t ssh like you normally do doesn’t mean you can’t use ssh.
You need to be able to read code. When you find a place to upload something, that is the right path, but you need to modify the URL that you are posting to in order to make this work. It should be relatively clear by reading the code of the page as to what is expected in the request, so make the URL match that.
Root:
If you see you can do a few elevated commands, that is correct; you need to find a way to leverage those commands to get an RCE.
Read about the server that the commands you can execute interact with and look at creating one of your own.
i have got access to higher port and i founded user.txt but don’t have permission to access it.
Tried post request to login page but nothing get back.
Don’t know how to proceed someone can help me?
Wow I rooted it.
Definitely needed a lot of help. But I have to say @jkr, you make some sick boxes bro. I learned so much and it really was a lot of fun.
user
Enumerate
sometimes you do stuff in one place… and it changes things in another place differently.
Claim your user (Don’t forget to do this before moving on)
root
Read and understand every line of code in that o**-m**-a****.p** file. All of it. Completely. You’ll figure it out.
Once you’re on, run a enum script, you’ll see it.
You can’t abuse the a*t command itself…
MITM- it’s tough, confusing, and you’ll need to learn a lot if you don’t already know it.
If anyone has any clues on why I keep getting 403’s with loh tu**** at high port I’d appreciate a pm. Not sure if it’s on my end or something else.
Edit: Thanks to @Smoothz for the help. If you are running into a similar issue, check the syntax on your s** command. Should be 127 in there and ports should match.
Could anyone give me a hint on how to upload my own file on the admin page? I am stuck there, tried a few different stuff but not even close to a desirable result… Can’t figure out if I need a correct POST syntax or if I have to run a .**p script locally that will post into the server? yeah I am pretty lost rn
Hello, can I please get a PM about how to get the rev shell from inside the admin panel?
I have played around with burp editing the requests I am making to (what I assume) is the upload page, but when I try to add in a boundary to the request it tells me its 400 and is an invalid request.