Why this machine it’s down every 5 min???
guys can you stop please upload the shell in the index.php (the box its crushing) try different way
Type your comment
Getting the root.txt is easy once you have a shell. Getting a stable shell long enough is the trick…
There is really no need to upload anything or update the index.php, I just managed to get 2 exploits working to do most things via command line. If you are fast enough, you can get a reverse shell.
@dnperfors said:
Getting the root.txt is easy once you have a shell. Getting a stable shell long enough is the trick…
There is really no need to upload anything or update the index.php, I just managed to get 2 exploits working to do most things via command line. If you are fast enough, you can get a reverse shell.
yea but there’s no flag inside of root.txt. i just check awhile ago
Type your comment> @far0ut said:
@dnperfors said:
Getting the root.txt is easy once you have a shell. Getting a stable shell long enough is the trick…
There is really no need to upload anything or update the index.php, I just managed to get 2 exploits working to do most things via command line. If you are fast enough, you can get a reverse shell.
yea but there’s no flag inside of root.txt. i just check awhile ago
Actually it is the first 32 characters of the file…
Type your comment> @dnperfors said:
Type your comment> @far0ut said:
@dnperfors said:
Getting the root.txt is easy once you have a shell. Getting a stable shell long enough is the trick…
There is really no need to upload anything or update the index.php, I just managed to get 2 exploits working to do most things via command line. If you are fast enough, you can get a reverse shell.
yea but there’s no flag inside of root.txt. i just check awhile agoActually it is the first 32 characters of the file…
huh ?? i thought it was suppose to be random letters and numbers like the user.txt. let me try submitting it. thank you @dnperfors
Giving up this box, can’t stay up for 10mn straight
I have user. Im having trouble with Priv Esc in shell - any hints?
Type your comment> @far0ut said:
Report me if this is a spoiler so i can edit it. So far when i attempt to upload a file, it says something like "package file is invalid… ". Am I the only one ?
Edited: Nvm, i got the user, working on root now. Any nudges are welcome.
smart enum → priv esc | google is your friend
Type your comment> @protektwar said:
Type your comment> @far0ut said:
Report me if this is a spoiler so i can edit it. So far when i attempt to upload a file, it says something like "package file is invalid… ". Am I the only one ?
Edited: Nvm, i got the user, working on root now. Any nudges are welcome.
smart enum → priv esc | google is your friend
Oops i forgot to leave a comment saying i rooted the box. Srry and thanks anyways for your reply @protektwar
I do not understand why before I was allowed to enter with some credentials that I have obtained, and not now, any suggestion as to why this occurs? Thank you very much in advance
I have user but can’t seem to get priv esc. Any hints would be awesome.
and I got root.
I’m having fun on this box so far!
I’m stuck, though. Whenever i try to upload my reverse shell it seems like it uploads, but instead it just creates an empty folder called “/shellname.php/” (same name as my php shell) in the folder i specify.
I’ve never had this issue before and cant find anything on google about it. Any ideas?
Type your comment> @MrSquakie said:
Getting tons of DMs here on root. The thing you see but get prompted for a password, the space isnt a delimiter, that is all one command.
This made me slap my face. Got root in 1min.
Just wondering - any others who have got reverse shell through webshop and adding new products? Don’t want to spoil a lot, but if you did you would know
For everyone that tries to get root and knows he is close, but simply cannot pull it of. Don’t use weevely!! I spend hours on it when finally realizing it does not work with this kind of backdoor. Finally got root now.
pm for help
Can someone give me a hint in the right direction? I found the admin page, but I’m not sure how to actually log in. I’ve also tried the script from exploitdb, but I get errors. I located the l****.x** file with the database credentials and some key, but not sure how to use them.
Rooted! PM for help