Unattended

Hi,

I’ve dumped the trash and found something useful information. But stuck after that phase. Can someone give me a hint in PM? Thanks :slight_smile:

This has got to be the box that has given me the most trouble so far. Took me about 2 weeks of working on and off to figure out the doctor’s visit (thanks much to @Leonishan ) and I’m stuck just a few steps ahead of that. Could someone PM me with some advice? I have a few questions. Thanks in advance!

a lot of caffeine was wasted during the user part : p wonder what about root now

any help? I stuck on L**

I already get some interesting info with sq**, but unable to move on…hints please

rooted thanks to some tips from a patient @dr0ctag0n!

PM if you need a nudge. I barely made it through the box, but I’ll try and help out where I can.

This machine made me bleeding for gaining user shell. Still try hard for root user :smiley:

Rooted the box …!!! Its insane …

I suspect that we have to do nested querys to get want we want, can anybody PM to make sure I’m in the right way?

Type your comment> @hfernandes said:

I suspect that we have to do nested querys to get want we want, can anybody PM to make sure I’m in the right way?

Finally LFI, moving on to RCE

can i have a nudge from w**-d*** to user please?

could someone help me please i cant seem to figure this out

Having issues with RCE, can get basic commands working and others seem to crash the box. Anyone can help?

Got www-****, anyone can gimme a nudge for user?

Type your comment> @vGsec said:

Having issues with RCE, can get basic commands working and others seem to crash the box. Anyone can help?

I have the same problem, when I tried to execute what I hoped would give me a shell, the box would freeze and I had to reset it, which I can do only 3 times a day and somehow having to reset this many times makes me wonder whether the approach is viable.
Is l** p******** a valid approach or am I wasting my (and others’) time? I’m trying alternative approaches but no luck so far.

Type your comment> @wawrzeniec said:

Type your comment> @vGsec said:

Having issues with RCE, can get basic commands working and others seem to crash the box. Anyone can help?

I have the same problem, when I tried to execute what I hoped would give me a shell, the box would freeze and I had to reset it, which I can do only 3 times a day and somehow having to reset this many times makes me wonder whether the approach is viable.
Is l** p******** a valid approach or am I wasting my (and others’) time? I’m trying alternative approaches but no luck so far.

DM’d you

Hint for those who have got the first shell: you can use nohup to detach a second shell and then exit the first one; this will make the webserver responsive again and diminish the chances that someone resets the machine.
Edit: you need to kill the first shell as well I forgot to mention

Hello all! I need a bit help with www-****, please PM me if you don’t mind, I will write what I have and my conclusions for that, thanks.

Hey guys, I found 3 very interesting pages that tell a really interesting story :slight_smile: Dirbusting seems to be useless imho, could someone just help with avoiding rabbit holes and nudge me a little towards the right path?

I’m really at a loss with the escalation to user, if anyone would care to send me a hint that would be greatly appreciated. I’ve seen and and looked into all of the hints &suggestions that I found in this thread and that I could make sense of, but I am still failing to put it together. Thanks

Hope I could get a nudge in the right direction for the RCE /LFI. Dumped everything useful via s**, found some interesting status/moved pages, and enumerated all hash-related paths/files I could find publicly.