Networked

Does this box crash and reset every 5 min for anyone else? Like is that supposed to happen? I am even on a VIP server but cannot seem to get more than 3-5 min before it goes offline and comes back reset

Need a nudge for user. I do have a shell, but need priv esc.

I believe it would be upsetting to do this machine on free servers. Anyways, really cool machine.
Hints:
Initial part: Don’t forget to look for all type of files while searching dirs, you can also guess it by the content of that one file you find in some folder. It’s really basic to get a shell from there.
User: Read the content of the two files in the home directory and then do what you think is right. Waiting will help you.
Root: Don’t even need to enumerate much, once you find the right file, try to escape it and execute something

I am stuck at root…found a file that has sudo priv . but idk how to escape and get shell. any hints will be appreciated. tq

Hey guys can I get a dm on user esc. I got initial shell but have no idea what the php is doing or how it helps me get user.

Rooted, really liked the box.

Since you have the sources all you had to do was understand the code and go through it step by step.

User
On VIP you didn’t get spoilers just by visiting however on Free its a total different story. If you really want to learn something ignore what others did in the browsable sites and analyze the PHP, THEN do what you think is right.

It takes three steps to user, one forward, one backward and one forward again.
Get shell, take information back, get shell again.

https://www.php.net/docs.php

Take the functions used, look them up in the docs/w3schools and run them online. If you are unsure how one initial variable is declared, a certain easy-to-discover page will tell you. Make your own $name variable and run it through function after function just like the website does it.
After each function write down the output, take it to the next function and repeat.

If you want to get fancy, take the files and make your own server locally.

PHP Boolean False = 0
PHP Boolean True = 1

Root
Basic enumeration, you can run the well known script or if you do the most important things manually you will discover it pretty fast too.
If you found it you aren’t far away, run it and dont space out, focus on task ahead

spoiler

Rooted. Learned few interesting things out of this one.

why machine slow, plz don’t do brute force attack on the machine no need for it, its straight forward machine.

Ok. Rooted. But can someone explain me why script line

 e**o $**r=$*

EXECUTING command included in $*?
i will appreciate some explanation on DM. I dont like rooting machines without fully understanding what happens.
Thanks in advance

@DeDeReporter said:

spoiler

You mean my post?

Type your comment> @rheaalleen said:

@DeDeReporter said:

spoiler

You mean my post?

No no, I just edited my post, which I think was a little bit too spoiler(ously?) :smile:

Your post is actually great among a lot of “try harder”

to get the shell i post it through curl, but nothing happens.
any good hints

deleted

Finally rooted! Thanks for those who helped me.

One thing to say… try harder! ?

Am I the only one who gets disconnected from the machine immediately? Just when I obtain the shell it disconnects. Frustrating.

@ibrahim95 said:
Am I the only one who gets disconnected from the machine immediately? Just when I obtain the shell it disconnects. Frustrating.

I think that’s a common issue with the free (=populated) machines for this challenge, my shell always died within seconds to minutes.

Totally stuck. I have a shell, and have an idea of how I can get user, but dont know how. Can anyone point me in the right direction? Feel free to PM.

did someone broke this machine?
My initial shell and pivot to user was working superb yesterday and today half of the day, but now suddenly when i was pivoting (exactly same way as before) - i still end up in initial webshell… Did a reset of machine and now i cannot access neither 10.10.10.146:80 neither any of the p****.ph* neither u****.ph*
it just says: FORBIDDEN in any of the pages… and on the main page (http://10.10.10.146:80/) it says:

Forbidden

You don’t have permission to access / on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

wtf is going on ?

edit: machine is pinging normally

edit2: ok it seems to works fine now… weird stuff

Type your comment> @r0mka said:

did someone broke this machine?
My initial shell and pivot to user was working superb yesterday and today half of the day, but now suddenly when i was pivoting (exactly same way as before) - i still end up in initial webshell… Did a reset of machine and now i cannot access neither 10.10.10.146:80 neither any of the p****.ph* neither u****.ph*
it just says: FORBIDDEN in any of the pages… and on the main page (http://10.10.10.146:80/) it says:

Forbidden

You don’t have permission to access / on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

wtf is going on ?

edit: machine is pinging normally

It definitely gets reset often, which is frustrating to say the least.