Swagshop

I have done nothing. Tried enumeratin users, but giving false positivies. Pleases help! how to get admin panel.

Took user yesterday, which was nice.
Now going for root.

If anyone need a nudge, PM me.

Usered and rooted yesterday. Interesting box, feel free to pm me if you need help

■■■… Please stop resetting the box, frustrating…

This box is pretty frustrating as its constantly reset. There should be no reason to do this if you are trying for user or root. Trust me you dont need mst for this just use step by step attack with credentials found to upload a s*** and then get user. The RCE’s dont work and are rabbit holes, they my have worked in the past but dont work now.

Is it too much to ask for a more delayed reset like 10 minutes? Are the requests even inserted in a queue?

The box is getting slow…

Its working so slow…

Finally rooted this nasty pieace of CMS! I was starting to get really tired about it, but learned lots of new things!

Type your comment> @bradgcoza said:

This box is pretty frustrating as its constantly reset. There should be no reason to do this if you are trying for user or root. Trust me you dont need mst for this just use step by step attack with credentials found to upload a s*** and then get user. The RCE’s dont work and are rabbit holes, they my have worked in the past but dont work now.

It works. I finished it recently. Keep trying, dont give up!

@StillNoob said:
I have done nothing. Tried enumeratin users, but giving false positivies. Pleases help! how to get admin panel.

check for available exploits online or searchsploit

If anyone has any hints on how to figure out which exploit to use to get a s**** (am already in the a**** p****), plz feel free to let me know. :slight_smile:

Finally rooted this box… beware of flash not loading critical content… lol

This is resetting waaay to much :confused: Know what to do but just can’t get there in time before someone resets it :confused:

Please, leave it alone for half an hour, thank you :slight_smile:

No way for getting root, the approach is pretty clear to me. But some users keep resetting the box.

Hey guys, my shell doesn’t seem to be connecting, just timing out. Could I get some help? Thanks

Do i need to port forward to get the connection back from reverse shell?

Cool box…Rooted today! For any help ping me !!! Thanks to @Grasshopper , @Y3llowMustang, @St3veR0nix, @lucxfer, @Isyber. You guys helped me alot! :slight_smile:

All I seem to be able to succeed at is getting into the magento admin interface… any hints on what exploit gets me shell?

Can anyone give me a heads up on PrivEsc?