Networked

spoiler

Rooted. Learned few interesting things out of this one.

why machine slow, plz don’t do brute force attack on the machine no need for it, its straight forward machine.

Ok. Rooted. But can someone explain me why script line

 e**o $**r=$*

EXECUTING command included in $*?
i will appreciate some explanation on DM. I dont like rooting machines without fully understanding what happens.
Thanks in advance

@DeDeReporter said:

spoiler

You mean my post?

Type your comment> @rheaalleen said:

@DeDeReporter said:

spoiler

You mean my post?

No no, I just edited my post, which I think was a little bit too spoiler(ously?) :smile:

Your post is actually great among a lot of “try harder”

to get the shell i post it through curl, but nothing happens.
any good hints

deleted

Finally rooted! Thanks for those who helped me.

One thing to say… try harder! ?

Am I the only one who gets disconnected from the machine immediately? Just when I obtain the shell it disconnects. Frustrating.

@ibrahim95 said:
Am I the only one who gets disconnected from the machine immediately? Just when I obtain the shell it disconnects. Frustrating.

I think that’s a common issue with the free (=populated) machines for this challenge, my shell always died within seconds to minutes.

Totally stuck. I have a shell, and have an idea of how I can get user, but dont know how. Can anyone point me in the right direction? Feel free to PM.

did someone broke this machine?
My initial shell and pivot to user was working superb yesterday and today half of the day, but now suddenly when i was pivoting (exactly same way as before) - i still end up in initial webshell… Did a reset of machine and now i cannot access neither 10.10.10.146:80 neither any of the p****.ph* neither u****.ph*
it just says: FORBIDDEN in any of the pages… and on the main page (http://10.10.10.146:80/) it says:

Forbidden

You don’t have permission to access / on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

wtf is going on ?

edit: machine is pinging normally

edit2: ok it seems to works fine now… weird stuff

Type your comment> @r0mka said:

did someone broke this machine?
My initial shell and pivot to user was working superb yesterday and today half of the day, but now suddenly when i was pivoting (exactly same way as before) - i still end up in initial webshell… Did a reset of machine and now i cannot access neither 10.10.10.146:80 neither any of the p****.ph* neither u****.ph*
it just says: FORBIDDEN in any of the pages… and on the main page (http://10.10.10.146:80/) it says:

Forbidden

You don’t have permission to access / on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

wtf is going on ?

edit: machine is pinging normally

It definitely gets reset often, which is frustrating to say the least.

Rooted this one. I have learned some nice stuff and to read code carefully :slight_smile:
PM asking for help are welcome.

Rooted

[root@networked ~]#

Well I can say this one was interesting. Learned new tricks and also how to read carefully and understand what is said. Nice machine, I enjoyed it, and the difficulty is right too. Thanks @guly for this machine!

Tips:

USER:

enumerate and then initialize in a very cool way (read code and think what can possibly be done) and then do more careful reading. Understanding a bit of language helps to understand how it works.

ROOT:

I was overthinking waaay too much and got stuck in a rabbit hole which only returned my current shell… Do not overthink. enumerate and then read read and try.
if you can code then it will be easy to understand syntax if not then there are online pages which will help you to put stuff in correct way.

PM for hints when needed

Why do I always struggle with the seemingly easy stuff.
4 hours in and not even a shell. sigh

This is pathetic.

What’s up with some of the poor reviews on this? It was really straightforward and simple – I actually really liked it a lot. Thank you for the box, @guly.

Hints…

User:

Enumerate the web service. Check out different web directories to get back what you need. What’s already listed here in the forum should be enough.

Root:

Standard linux enumeration scripts should reveal it immediately. Take advantage by using some random words/strings to "test"and you’ll get where you need to be in no time.

anyone had a session through jenkins? came up and lost it before i had a chance to dig deeper. im a total newb and sorry if i’ve broken any rules.

ROOTED:
i even did not believe that i’ve got root shell what the hack !!

Hints
User: focus on php functions
Root: a very basic enumeration

PM me for hints