I have this problem that I get a message saying that the file is uploaded. But shouldn't it be located in the same place as all the other files? I've tried several paths, but I don't seem to be able to find it.
User: ssh is not needed, uploads are not needed. You ONLY need: provided s**p access, basic logic, help commands and "what if i… " comment in the very beginning of this thread
looking at exposed web pages (those you start with) is also helpful.
Root: Creds are available thru s**p. To process the upload, read the source carefully, there is a statement missing at some point. Modified request helps to solve this problem. Look out for examples to run it properly after upload. On final step do not pay attention to errors, go ahead and install it.
Finally rooted! Thank you @jkr for such a great machine. Also thank you @denstr for a nudge.
All I needed for the last step to root was the A** M**M blog, knowledge of how to keep env in sd and Burp.
Hehe, got root. Huge huge thanks to @flipflop139874 for the help.
Noticed some weird stuff. e.g you should intercept the first request and leave the second one go forward without any intervention.
had to reset the box couple of times cause of the cache.
prior MITM knowledge is really handy for root on this box.
you have to find alternatives for some stuff explained in online articles.
Damnit. I've tried to upload that file back and forth for a couple of weeks. There was 1 little thing I had not tested… I paid too much attention to what was in the file without thinking about the consequences of running it that way (hence successfully uploaded, without a file…).
Getting the user is quite easy with the comments in this thread. However, the part that confused me was that of the plugin.
Root
The root part was amazing!
Frustrating but in the end exciting, it is only trial and error again and again until it is achieved. MM seems to be a complicated attack at first, but just look at so and save you certain steps in the network part. However, a fundamental part is to investigate and understand the attack.
A very good root track is this:
@antares341 said:
Finally rooted thanks to @siryarbles . Here are some hints that may help:
User: Everything you need is in this forum. In the upload part try to understand how the machine is processing U-Ls, what process first and what next and how htaccess works. Read the code carefully and check ad's headers from examples.
Root: If you have already found this blog about a-t M'M is the right one. But you will have to do some changes. First, a-p sp'ing is not going to work. Remember network layers… There is a var that a-g uses in some cases. You might have already seen it with s' -l. You don't need D-S sp'ing either. Just give to the box what it requests. You can use the same thing you found in that var but in your side. After that just read outputs and fix trees.
Hello,
I've had some success with sp commands. I found the a****-h* dir, got some gd infos there… I found user.txt also but no permission to view it… I guess I need to find my way to p 68*
I'm still stuck there? Any help would be great, PM
EDIT : I found my way in to the right place still stuck with ad* upload
EDIT i found my way in now using a reverse shell working on getting root
Hello,
I've had some success with sp commands. I found the a****-h* dir, got some gd infos there… I found user.txt also but no permission to view it… I guess I need to find my way to p 6**8*
I'm still stuck there? Any help would be great, PM
Did you check available pages?
I'm bashing my head against the wall trying to find the creds for the admin page. If anyone wants to throw a hint my way that would be greatly appreciated!
My advice to you… Use what's available in front of u from the beginning, u'll be amazed when it works. PM if u still stuck
I got user without using any shell. I think I got it by the intended way. Just use S**P.
However, this is where I got stuck. I have the source code for all the visible php and that hidden php in h * * l a * * * n. Can I still carry on if I don't have any shell?
Yes.
You mean I can get root without achieving a reverse shell for this challenge?