Swagshop

Stuck at uploading reverse shell

@Fynn said:

There is no Magento Connect Manager login page. I get '/downloader/ was not found…' when I try to connect to it from the Magento Admin page’s drop-down menu.

Is it disabled on purpose or has it been tampered with?

I believe the downloader has been disabled because it broke the box for everyone else. The working method has been mentioned many times in the thread.

Ok, this is crazy. Got the user, got the root. My first machine EVER!! Yayyyy!!!

But, where to use the password in the store!! :smiley:
Seriously, any help?

Am stuck with frog, my shell does not seem to execute, can somebody give a hint?

Could someone give me a hint? I have created my own user and tried an exploit but the python is wrong. Should I use this exploit?

OR am I supposed to find admin credentials somewhere?

Rooted! Thanks to @Hackbot1x, and so to return the respect, if anyone needs a nudge or hint, PM me. FYI: I learned many new things from this box; it is very challenging if you are not reading the exploit correctly. I struggled from the get-go but managed to access the A*** P***. Then I got stuck there for days (esp. after the downloader was taken off), read the forum here over and over, and finally asked @hackbot1x for a hint. Have fun with it, don’t let the frustration get ya, you will succeed in the end.

Any tips on the type of shell to use? I can run commands but not create a reverse shell. Tried everything I can think of.

@ankh2054 said:

any tips on the type of shell to use. I can run commands but not create reverse shell. Tried everything I can think of.

http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
Try this page, extremely useful resource

There is no Magento Connect Manager login page. I get '/downloader/ was not found…' when I try to connect to it from the Magento Admin page’s drop-down menu. I can't continue.

With all the pieces in place, this was indeed an easy root.

I can’t seem to create my own creds, I can get in using the default creds that the exploit creates, (I’m guessing this is from someone else) but if I change the username to something else I can’t log in even though the exploit says it worked

Any hints for getting this working? I’ve tried a couple different copies of the exploit from exploitdb and github but have the same result

Same as @kalq, I think something is wrong: the /downloader/ page isn't working, rather the M0 ct M*****r gives a 404. @ch4p

You do not need the downloader page to accomplish the machine. @kalq @p5yph3r

Look for another documented method of getting a shell.

Could someone nudge me over where to upload/how to get the reverse shell?
Thanks, PM me!

Ok, got the user …

Not doable. Box is getting reset constantly.
No good day for e-commerce :wink:

Please folks, do not brute-force this poor server. No need!

I’ve been trying to get user access for 2 days, with no success.
I successfully got into the admin panel in a short time, then I spent so much time trying to use things that should have worked (according to previous comments in this forum):

  • tried to use the downloader → it has been removed
  • tried the python script with the POST request → getting the weird error with “tunnel = tunnel.group(1)”.

Honestly, this is getting just frustrating.
If anyone has any idea of how to make one of the mentioned things work, please let me know.

Same problem as above, can't get the downloader to work or the POST. Any ideas?

Got user flag and I’ve been wrecking my mind for the past 2 days on getting root flag. Need help… And I’ve got only a non-interactive shell. Suggestions on getting an interactive shell will help me a lot.
HELP ME ON GETTING ROOT.TXT… Did everything that I knew…

@hackerg1rl said:

Finally gotten root. If anyone needs a little nudge, PM me.

Got a non-interactive shell… Any help would be appreciated on getting me root.