onetwoseven

@KevinMoore said:
why am i getting no errors after ssh but it just shows a blank page?

if you read the code you would understand why you have a blank page.

Read it from top to bottom to understand why you have a white page displaying instead of what you think you should have.

Have tired things but still unable to get the initiaL foothold, anyone with an idea please PM

I finally got user no need a hint on starting root

stucked on the f****g a**-t u***

any help ?

Wow I rooted it.
Definitely needed a lot of help. But I have to say @jkr, you make some sick boxes bro. I learned so much and it really was a lot of fun.

user

  1. Enumerate
  2. sometimes you do stuff in one place… and it changes things in another place differently.
  3. Claim your user (Don’t forget to do this before moving on)

root

  1. Read and understand every line of code in that o**-m**-a****.p** file. All of it. Completely. You’ll figure it out.
  2. Once you’re on, run a enum script, you’ll see it.
  3. You can’t abuse the a*t command itself…
  4. MITM- it’s tough, confusing, and you’ll need to learn a lot if you don’t already know it.

DM for nudges.

ive got a successful tunel but keep getting 403’s can someone send me message with a little hint? Ive tried a few diferent ips to no avail.

EDIT: Got there! thanks to a comment from @frankx

Type your comment> @frankx said:

If anyone has any clues on why I keep getting 403’s with loh tu**** at high port I’d appreciate a pm. Not sure if it’s on my end or something else.

Edit: Thanks to @Smoothz for the help. If you are running into a similar issue, check the syntax on your s** command. Should be 127 in there and ports should match.

thank you! very useful advice

Could anyone give me a hint on how to upload my own file on the admin page? I am stuck there, tried a few different stuff but not even close to a desirable result… Can’t figure out if I need a correct POST syntax or if I have to run a .**p script locally that will post into the server? yeah I am pretty lost rn

When I run a**-g** u*****, I get the an error that the public key is not available. I am stuck right now

Edit: My r*** was authenticated

Wow, it is definitely one of my favorites. Great box @jkr

#Deleted

I am getting this error on running s*** a*** u******* command.
Error:
Writing more data than expected (612 > 611)
Hashes of expected file:

Filesize:611 [weak]
SHA256:eb6eb346dea06b23feee401a2e54555b6837cd97f546fb2ebe12543546e385aa

Can anyone help me out please there must be some problem with r***** and p***** files.
What to do?

Hello, can I please get a PM about how to get the rev shell from inside the admin panel?

I have played around with burp editing the requests I am making to (what I assume) is the upload page, but when I try to add in a boundary to the request it tells me its 400 and is an invalid request.

If you are having trouble getting user after/before a reverse shell. Be Neo and go back to the source.

@ThrashTitan said:
Hello, can I please get a PM about how to get the rev shell from inside the admin panel?

I have played around with burp editing the requests I am making to (what I assume) is the upload page, but when I try to add in a boundary to the request it tells me its 400 and is an invalid request.

PM

Type your comment> @sh13ld said:

Who need help in onetwoseven machine PM me

Neat. Apparently now instead of looking to see whether there’s a “1 New” badge to know whether there are new questions, I should instead check to see whether it doesn’t say “Most recent by sh13ld”. Useful stuff.

The script outputs “successfull.y”, but is nowhere to be found, I’ve PM people to know the location and it’s not there.
Any idea what I’m missing?

listening on [any] 4444 …
connect to [10.10.15.34] from onetwoseven [10.10.10.133] 54286
root@onetwoseven:/# whoami
whoami
root
root@onetwoseven:/# cat /root/root.txt

Can’t believe I did it. As a piece of advice on root, you might pinhole yourself into thinking it could be an input validation exploit and even going as far as to follow a certain guide on how to do it. Instead, think about how the box is configured and how you can work that configuration to your advantage. Is there any way to fool the machine into thinking you’re something it looks to as a source of information?

great boxx

Forty-three years later-
This machine is the sickest and I mean that in the kindest way possible.
Max-respects, @jkr
You need anything. Please write me.
I’ll do my best for you.