All I ever get from this s*****py script with the added command is “No output” or the help menu even if I purposely put things that are mean to be forbidden. Banging my head against the wall!!!
You’re pinging. If you google for ways or doing creative things with that you’ll find a format that works for the script.
Does anyone know why I used to be able to use s&lm*p on this box with no issues, and now as soon as I do I get banned? So frustrating not being able to get back to where I was.
Nvm. Tamper scripts enabled me to get back to os_shell. Back to that head scratcher. Googling ping commands hasn’t shed any light. I feel like I’m being thick here.
Hi, can please somebody help me with the last step of user, where you make this specific command? I figured the vulnerability already out and know how to bypass, but I get always some errors. Please send me a message
I’m stuck on the initial foothold. I’m finding other people’s shells during my enumeration, and could easily just use them to get a shell as www-data but I need to know how people are getting those shells uploaded.
I know that *.php?= URL that may lead to an LFI: I can not provoke this URL to give me anything of use by the way of either a file or a useful error message.
I 've also found the login for /p*******n, but I can’t exploit it unless I’m finding the credentials?
Can someone PM me a hint to help me exploit the room?
Edit: Got credentials to p********n, thanks to @sneakypanda for the nudge and confirming I was on the right track after the fact.
Narrowed all my issues down to the fact that I spawned a shell from sq*£)$ap. It wasn’t running the py script properly and erroring out.
Used a different way in and the script ran properly and got user.
Thanks to @f3v3r and @solsound on Discord and @hva on here.
Can someone help me on this? I have been looking at the rooms for hours but cannot find anything. Thanks.
This clue got me stuck for ages, and then it turned out I got in without any rooms at all. DM me and let me know what you’ve tried so far etc and I’ll try to nudge you along.
Working on this box. I am able to read files via a certain room url as well as write to /t**. I. Unable to execute anything with this vulnerability since I can’t seem to write files to /v**/w***.
I have gotten a DB password but don’t see many places to use it.
Am I in a rabbit hole trying to write a file this way?
Rooted! Actually pretty easy but I made unnessary mistakes, so that this was the box I spend the longest time on. Thanks to @ixxelles for helping me out.