Networked

Rooted ! The problem here is the overthinking. Keep it simple

If anyone need a nudge just ping me

rooted.
For root, 1) basic check for your given privilege, 2) read a script, 3) try several things with the script and see the error message.

Rooted, nice box really enjoyed, thanks makers, learnt again ?

Need help con privesc, please pm a hint

Rooted!
Nice box

[root@networked]# id
uid=0(root) gid=0(root) groups=0(root)

PM for hints :slight_smile:

Just rooted the box. Took me awhile to do so.

Initial Access: I was on the right track but tried to rush it so I made a oopsie and didn’t notice my mistake for at least 1,5 hours.

User: I needed a hint on this. I hate php and can’t read it very well. My cryptonite. technique wise it’s a rather basic thing. You just need to see where you have to deploy this basic technique.

Root: Basic enum gave the vector away in seconds. After reading the source and “the other source” I just tried it and out “things” in there. Took me about 10 or 15 minutes for root.

x41

I’m very Noob, any tips for a shel? Thank you

Type your comment> @LucSec said:

I’m very Noob, any tips for a shel? Thank you

upload

Wow this c****_a*****.p** really has me stumped. Can I get a hint or something to reference?

Alright, finally got root! Not too hard, just try, try, try again.
I was spoiled the user flag, so if anyone would be so kind to PM me how the c****_a*****.p** worked i would really appreciate it!

wow, box is crawling at turtle speed, takes me at least 5 minutes just to change directories…wth

do we need to alter the code of C****_a*****.P**? i dont know php, but i think i understand what its doing, i just dont understand what it has to do with gettting the user flag. What am i missing??

You know it really fucking sucks coming into this room for a hint and seeing 40,000 comments all saying “iT’s So SiMpLe AnD sTrAiGhTfOrWaRd”. Why do people come in here just to be pricks?

Some of us can’t read PHP very well and get sick of looking up every single function, so it isn’t “simple and straightforward” for us.

can someone dm for root assist. certain im in right place w/ vector but not sure why getting iface errors.

Edit: nvm rooted

Can I get a nudge for user flag? I have a shell, and see the c********.*** file - don’t know what to do from here (I’ve tried too many things to mention here).

Ok when I run c****_****.p I see interesting actions that exist in the /v…/…/…/up… folder, but the names are something that is not touchable, and I am thinking I need to add my own. I HAVE NO IDEA how to go about this! Any assistance would be fabs!
Thanks All!

EDIT: USER Completed: For those having issues, TOUCH

.

Can someone give me a nudge on the privesc to user? Based on what has been said in the forum already, I’ve been looking at c****_a*****.p** and can see the frequency with which it runs, I can’t seem to modify the file however, and am not sure how to proceed.

For those stuck on a PHP-script, i would like to add that you don’t need to be able to read/know PHP in order to spot the vulnerability, as the actual flaw in the script is not PHP-specific.

Do some targeted thinking: I want to smuggle some command in, where could i possibly do that?

Finally rooted. Turns out i wasn’t using sudo with the correct script xD;
Some takeaways:
-Do use sudo
-Use absolute path
-You don’t need another reverse shell
-Try replicating the $y=$x scenario in your shell.

PM for help.

Big thanks to @cyberpathogen and @3DxHex