Swagshop

ROOTED! Took me almost a ■■■■ week but massive shoutout to @nan0byt3 for the help! I learned so much from him and from working this box! Willing to help those who need it, but this community is awesome and to everyone that has reached out to help, I truly appreciate it!

Need some help in the right direction, inside the m****** portal

Rooted! HMU for hints and help.

To everyone struggling with the 503, inject your php code in that same page.
Root part can be done within a minute.

So I'm trying to upload P******.x** and it's asking me to LI again?? But the LI creds no longer work?? Can someone tell me why?

Rooted a long time ago - PM me for help :slight_smile:

ROOTED! Very nice box!

Stuck on getting admin creds. Any suggestions?

Hi, could someone pm me for guidance?

I have successfully gained access to the m* c* m* and am trying to figure out the direction to go from here. Not sure if I should focus on uploading or searching for another exploit.

Also, first box so I also would like to know if most people go for root or user first or if it depends on the box.

Thanks!

@Manb4t said:

I’m struggling with the swag shop exploit.

I register an account and then use the creds to run the exploit based on the version of the cmanager page.

But I keep getting:

Traceback (most recent call last):
  File "./swagshopexploit.py", line 56, in <module>
    br['login[password]'] = password
  File "/usr/lib/python2.7/dist-packages/mechanize/_form.py", line 2780, in __setitem__
    control = self.find_control(name)
  File "/usr/lib/python2.7/dist-packages/mechanize/_form.py", line 3101, in find_control
    return self._find_control(name, type, kind, id, label, predicate, nr)
  File "/usr/lib/python2.7/dist-packages/mechanize/_form.py", line 3185, in _find_control
    raise ControlNotFoundError("no control matching "+description)
mechanize._form.ControlNotFoundError: no control matching name 'login[password]'

Do I need to find/guess an admin password for the connection manager at downloader folder and use that as the creds for the exploit? Or is this the wrong exploit?

I also found credentials in one of the directories/files for the root database user. But not sure where these come into play.

Any help would be appreciated, I feel like I'm overcomplicating things???

I’m having that same issue. Any hint or solution?

@Manb4t @Joao1905

If you’re trying the script I’m thinking of, I don’t think it’s actually necessary or wasn’t in my case. I messed around with it for a while getting similar errors. However, once you have the account needed to login to the admin site there are easier ways to get what you need using (or adding) pre-made tools for the platform rather than trying to make it yourself.

Stuck at the M* C* M* page. I'm pretty sure that I'm using the correct script, added the script where necessary with contents from a file, also changed what's on your watch… But I now tried on 2 different Unix OSes and both act differently, with different errors. I tried changing the script but I just can't seem to figure it out and keep getting errors.

EDIT: Found the issue with the script, it was the wrong one. Some sleep was necessary to think straight again… Now I'm just going CRAZY from the amount of 503s.

EDIT2: Well, got user&root, but I was almost going to buy VIP because of the amount of resets/503s. Nice box nonetheless!

@PavelKCZ said:

Anyone have an idea why the script always ends with "DID NOT WORK"?

Your path is wrong, add index.php.

@NativePWN said:

This is my first live box at HTB, been trying to mod the 3779.py exploit and kept getting: File "3779.py", line 9, SyntaxError: invalid syntax. What is it that I am missing or doing wrong? Any help and hints from the elite to a newbie???

Maybe try a different exploit… Perhaps one from about four years ago?

Finally made it, my very first one!

User: it seems to be mostly about the path, after that it worked every time for me. The second part was mostly Google and trial & error.
Root: hints from earlier pages and Google. I wasn't aware I was root for a while, the formatting was weird to me… but maybe because I'm new :wink:

Send a message if any questions.
Oh, and could someone send a PM about how files were uploaded? I couldn't figure that out and used some file that was already there. (Not index…)

Really nice box. You can always learn something new.

Thanks @ch4p for creating it.

P.S.: PM for tips if you want, but write down what you tried.

So slow…
Got a rev shell, commands taking forever…

Most time-consuming box ever. Too many 503 errors.

CONNECT ERROR PACKAGE FILE IS INVALID
./app/code/community/lavalamp/connector/block already exists

who can help me :confused:

Hello, I have a problem. I read the root.txt, I don't see the flag but only t***t??? Is it normal??