Swagshop

Could someone help me out a little? Got to the admin panel and used the right exploit which gave me W***** but when I try the creds I can’t get in

Hi everyone.
I managed to access the admin panel and enable F **** I **, loaded the revShell and taken user.
Now I’m stuck on the root by the comments we understand to use a base esc esc but without success. can someone give me a suggestion in PM.
Thanks and sorry for my bad english

EDIT: please pm me hint for priv esc ///v not working for me

Type your comment> @NotSmartEnuf said:

Can we please stop breaking the box by putting the reverse shell in index.php? thx

Seriously THIS. Use some thought, people. There are plenty of other php files in the sea.

I managed to root the box after much trial and error - mostly due to what I suspect is other users modifying index.php. I finally did something that seemed to stabilize the box somewhat; I removed write permissions from the index.php file. That seemed to keep it up and running for the time being but I’m sure that will revert as soon as someone resets the box.

chmd -w /var//**/index.php

I’d recommend that the authors/htb staff modify the gold image to make this modification permanent if that is a reasonable thing to do. Cracking the box probably took an additional 6 hours of trying to get in, only to either encounter the 503 / service unavailable problem, or a “Failed to daemonize…” issue that I suspect is because people keep trying to modify the index.php file to gain access. Also people keep then resetting the box because they lose access because the website goes down… its a vicious cycle.

Type your comment> @NotSmartEnuf said:

Type your comment> @melodicminor said:

I got user through someone else’s work on this box and now its coming back to bite me in the ■■■.
Can I PM someone for a little help?
All I’m trying to do is get user again so I can work on the obvious next step.

Absolute beginner but did manage to get user and root, so feel free to drop me a line.

Finally got the thing to do the thing without breaking everyTHING…
Oh how versions matter.

Been stuck trying to get root for a couple of days now, I know what command to run, but i’m dead in the water now. Can someone PM some advice

Finally rooted!! Massive thank you to @Achille for helping me straighten out my thoughts and nudging me towards the correct one on user.

USER: really easy on hindsight, really difficult at the time. Its obvious once you stop trying to think like Mr Hackerman.

ROOT: I struggled with this for ages. In fact I learned a tone about privesc, as I’ve never done it before. Finally, when I figured it out, I could have kicked myself. It was so much simpler than I’d recognised. I must have input the near correct syntax 50 times before I realised where I was going wrong.

Lesson learned: Think with your eyes.

Thank you @ch4p :smile: as a noob, I got loads from that.

Rooted! PM if you need a nudge!

Stuck at sudo trying to priv esc with the big V, if anyone can send me a PM i’d appreciate it!!!

Got root.

Job is done.

Am I being really stupid by having a shell but not finding the user flag?

Type your comment> @JonnyGill said:

Am I being really stupid by having a shell but not finding the user flag?

Just Find it mate.

Type your comment> @TheRamen said:

Type your comment> @JonnyGill said:

Am I being really stupid by having a shell but not finding the user flag?

Just Find it mate.

First thing I tried. Wonder if someone deleted it and I need to reset the box (though I’m on VIP so that would be extra annoying)

EDIT: Nevermind, found it. On to root.

EDIT: Got root. Right in front of my face from the very beginning and I was trying two separate things the whole time.

Do you have any idea why it turns to "Service Temporarily Unavailable " error in browser?

I got user+root but I would like to exchange infos with others how they get their root shell. I tried 3 things and only one worked for me. It was an official “way” to access files.

I just got user+root. I spend a lot of time to get root and the key was that I was using c99shell which is limited to do what you have to do (in terms of getting a more interactive shell rather than just execute commands). When I started to use the pentestermonkey php reverse shell I was able to do it. For any hint PM me

I got Magento admin panel password and then I backup System without media. bt, I don’t understand how to get the server access or ssh password to the server. please give me a hint

@deathflash1411 said:
Any hint on how to decrypt the M****** password?

hint: make your own password

Type your comment> @DarkMRX said:

I got Magento admin panel password and then I backup System without media. bt, I don’t understand how to get the server access or ssh password to the server. please give me a hint

Maybe there’s a way you can upload your own reverse shell via the admin panel?

Type your comment> @TheRamen said:

Type your comment> @DarkMRX said:

I got Magento admin panel password and then I backup System without media. bt, I don’t understand how to get the server access or ssh password to the server. please give me a hint

Maybe there’s a way you can upload your own reverse shell via the admin panel?

got it. thanx and one last thing. is that shell PHP or something else