Swagshop

should the points/difficulty maybe be upped after this downloader was disabled?

Finally started on this box after downloader being disabled. I’ve gotten into the admin panel okay, now working on getting initial access without any luck.

I can upload files onto the server okay and try to view them without issue - can’t get any code to execute though. Have been reading about hopping frogs and trying their suggestions, not much in the way of luck yet.

Is this on the right track? Any suggestions for things to look at?

Check out the product categories. See if you find anything worth while.

Anyone having the same issue of getting 404 downloader not found? I am almost there for the user.txt but unable to load my payload. Please HELP! Thank you!

Finally rooted, I can’t believe it took me soo long. The box is not stable, even in VIP.

Rooted, PM for hints. Thank you to @letMel00kDeepr for the nudge

Solved with the downloader page disabled. Feel free to reach out for hints. Should be on most the afternoon today.

8/31

what should be done after logging in with f… user and f… pass is there a console?

Type your comment> @NativePWN said:

Anyone having the same issue of getting 404 downloader not found? I am almost there for the user.txt but unable to load my payload. Please HELP! Thank you!

Yes, downloader is no longer the right path. You have to find another way

If you’re brute forcing for a login right now, I recommend trying an alternative method.

I don’t normally say anything, but it’s getting a bit out of hand.

Got root

Was a fun box for a noob :slight_smile:

Got Root!!! Learned a lot. Thanks @ch4p. But the machine was very unstable tho…

I need help. I have ran one exploit and gained access to the web portal. I think I know what needs to be done but they are not working. I have researched a few vulnerabilities but their dependencies are not installed.

I have access to the panel, plus any root tips?

rooted. Thanks @Cyan101 for all your help!

It’s normal that the exploit mag–to-s–i.py returns an http error. I admit that until then I managed to access the panel on my own but for this flaw, if someone would be kind enough to give me a hint. :smiley:

I am in need of a nudge. I have made access to the a**** panel, but I cannot seem to find how people are able to upload the missing tools. I believe I have found the proper RCE method, but I don’t know how to install the tools via the panel. PM me pls

hey guys, I found creds, but they don’t seem to work in the An pl. I don’t know where to go next. If anyone could pm me with some help, that would be awesome

First box I rooted, that was frustrating and fun. Thanks for all the comments, definitely helped!

Can someone tell me why I’m getting a 404 error trying to access MagentoConnect Manager. What am I missing here?..thanks!