Aragog

I know the feeling, in the same place :expressionless:

Any hints on root? I’ve been stuck for a few days now.

Been dirbing for days, need a nudge.

Any chance to get a direction?
Found the 2 files, but cannot find the connection…
I am missing something for sure, maybe overthinking it…

deanos: as already stated in this thread, look at OWASP Top 10 and put both files in conjunction.

PM me for additional help if you need.

@deanos said:
Any chance to get a direction?
Found the 2 files, but cannot find the connection…
I am missing something for sure, maybe overthinking it…

Burp is your friend here. Pay close attention to the headers. Burp even gives you a hint by adding an extra tab besides the Raw, Param, etc…

Hello everyone,

Very frustrating :frowning: . It’s been a few days that I’ve been messing with this box. Getting user.txt was relatively quick, but I only had it through LFI, and not because I actually owned user. Tried a bunch of scripts, tried messing with some logs, tried enumerating manually with whatever makes sense, and I actually did find another webpage that the enumeration didn’t find.

Still have no f’in clue how to get shell.

Please halp

So you got user.txt by LFI, so what else can you see?

And think what are your possible ways to log in to the box.

I started back on this again today thinking yeah I will win!!! Well… I still cannot get root lol. I can see a dir belonging to another user, and I have found a dodgy hash that gave me nothing. I’ve been looking at the wiki and it looks like something maybe automated?

JEEZ, thought I was OK with this stuff, but every so often just get so very stuck. Not understanding this one. I have found 2 files by different methods, and if I use Burp I can get some functionality (changing values displays correct results). I have tried cmd injection on this and everything I have tried fails. Right track? Or barking mad? Plus, haven’t got any LFI to work, any help there would be great too. Please PM me clues, not answers.

I’ve found something that appears every few minutes and some files that move every 5 minutes. I cannot see where it is called from.

More hints at priv. esc? :scream:

I got a number of shells - different users, ran LinEnum etc. Found a lot of things - but after 5 days I still haven’t got root. … this one is hard

@Raphaeangelo said:
Any hints on root? I’ve been stuck for a few days now.

Did you have any luck with priv esc? Can’t seem to find anything standing out. :confused:

@owg said:
I got a number of shells - different users, ran LinEnum etc. Found a lot of things - but after 5 days I still haven’t got root. … this one is hard

@DarkNight7 said:

@Raphaeangelo said:
Any hints on root? I’ve been stuck for a few days now.

Did you have any luck with priv esc? Can’t seem to find anything standing out. :confused:

@davad said:
More hints at priv. esc? :scream:

@monkeychild said:
I’ve found something that appears every few minutes and some files that move every 5 minutes. I cannot see where it is called from.

See if the site is hosting anything :wink:

Weird? The password I used to get onto said site doesn’t work lol

May anyone PM me about a hint? I think I have found the correct file from the system, but I always get a timeout. I was able to retrieve the public variant of that file.

Really could do with some pointers on priv esc. Run the usual checkers and have compiled and tried them with no luck. I see there’s a job that runs every so often but don’t have permissions to edit that. Please PM me with any clues you might have.

OK, must add: I do not normally post stuff, nor do I usually respond to PMs. Saying that, as sometimes it’s not obvious if people have spent enough time on something. But I have with this one. Saying that, there is one exploit linuxprivchecker suggested which I haven’t tried (next on todo list). But this one is weird. Help me, Obi-Wan, you’re my only hope!