Swagshop

Am stuck with frog, my shell does not seem so execute, can somebody give a hint?

Could someone give me a hint. I have created my own user and tried a exploit but the python is wrong. Should I use this exploit?

OR am I suppose to find admin credentials somewhere?

Rooted! Thanks to @Hackbot1x, and so to return the respect, if anyone needed a nodge or hint, pm me. FYI: I learn many new things from this box, very challenging if you are not reading the exploit correctly. I struggle from the get-go but managed to access the A*** P***. Then got stuck there for days (esp. after the downloader was taken off), and read the forum here over and over and finally asked hint from @hackbot1x. Have fun with, don’t let the frustration gets ya, you will succeed in the end.

any tips on the type of shell to use. I can run commands but not create reverse shell. Tried everything I can think of.

@ankh2054 said:

any tips on the type of shell to use. I can run commands but not create reverse shell. Tried everything I can think of.

http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
Try this page, extremely useful resource

There is no Magento Connect Manager login page. I get '/downloader/ was not found… ’ when I try to connect to it from the Magento Admin page’s drop-down menu. I cant continue.

With all the pieces in place, this was indeed an easy root.

I can’t seem to create my own creds, I can get in using the default creds that the exploit creates, (I’m guessing this is from someone else) but if I change the username to something else I can’t log in even though the exploit says it worked

Any hints for getting this working? I’ve tried a couple different copies of the exploit from exploitdb and github but have the same result

same as @kalq I think something is wrong, the /downloader/ page isnt working, rather the M0 ct M*****r gives an 404. @ch4p

You do not need the downloader page to accomplish the machine. @kalq @p5yph3r

Look for another documented method of getting a shell.

Could someone nudge me over where to upload/how to get the reverse shell?
Thanks, PM me!

Ok, got the user …

Not do-able. Box is getting resetted constantly.
No good day for e-commerce :wink:

Please folks, do not brute-force this poor server. No need!

I’ve been trying to get user access in 2 days, with no success.
I successfully got in the admin panel in short time, then, I spend just so much time to use things that should have worked (according to previous comments in this forum):

  • tried to use the downloader → it has been removed
  • tried the python script with the POST request → getting the weird error with “tunnel = tunnel.group(1)”.

Honestly, this is getting just frustrating.
If anyone has any idea of how to make work one of the mentioned things, please let me know

Same problem as above cant get the downloader to work or the POST. any ideas

Got user flag and I’ve been wrecking my mind for the past 2 days on getting root flag. Needs help…And i’ve got only a non-interactive shell. Suggestions on getting interactive shell will help me alot.
HELP ME ON GETTING ROOT.TXT…Did everything that I knew…

Type your comment> @hackerg1rl said:

Finally gotten root. if anyone need a little nudge, pm me

Got a non-interactive shell…Any help would be appreciated on getting me root.

Alright Ladies and Gents, so I have a baseline shell. I am absolutely stumped on getting ROOT. I know I can s*** with vi but AHHHHHH, someone help LOL!

Thanks in advance!

Im so lost about getting shell after 404 error. Please help! Thank you!

I got root, it’s easy box, but the people here made it harder, I don’t know why they keep reset it. for any help don’t hesitate to PM/DM.