Swagshop

The box is getting slowā€¦

Its working so slowā€¦

Finally rooted this nasty pieace of CMS! I was starting to get really tired about it, but learned lots of new things!

Type your comment> @bradgcoza said:

This box is pretty frustrating as its constantly reset. There should be no reason to do this if you are trying for user or root. Trust me you dont need mst for this just use step by step attack with credentials found to upload a s*** and then get user. The RCEā€™s dont work and are rabbit holes, they my have worked in the past but dont work now.

It works. I finished it recently. Keep trying, dont give up!

@StillNoob said:
I have done nothing. Tried enumeratin users, but giving false positivies. Pleases help! how to get admin panel.

check for available exploits online or searchsploit

If anyone has any hints on how to figure out which exploit to use to get a s**** (am already in the a**** p****), plz feel free to let me know. :slight_smile:

Finally rooted this boxā€¦ beware of flash not loading critical contentā€¦ lol

This is resetting waaay to much :confused: Know what to do but just canā€™t get there in time before someone resets it :confused:

Please, leave it alone for half an hour, thank you :slight_smile:

No way for getting root, the approach is pretty clear to me. But some users keep resetting the box.

Hey guys, my shell doesnā€™t seem to be connecting, just timing out. Could I get some help? Thanks

Do i need to port forward to get the connection back from reverse shell?

Cool boxā€¦Rooted today! For any help ping me !!! Thanks to @Grasshopper , @Y3llowMustang, @St3veR0nix, @lucxfer, @Isyber. You guys helped me alot! :slight_smile:

All I seem to be able to succeed at is getting into the magento admin interfaceā€¦ any hints on what exploit gets me shell?

Can anyone give me a heads up on PrivEsc?

Type your comment> @bipolarmorgan said:

All I seem to be able to succeed at is getting into the magento admin interfaceā€¦ any hints on what exploit gets me shell?

I have the same problem. But Iā€™ve read most of the way through this entire thread, and apparently, there are two ways. One sounds like a certain kind of amphibian, and the other way is easierā€“there is apparently an exploit available. I personally donā€™t know where to find it, though.

can someone give me any hints on how to start with this one? i am fairly new . do i nee to like figure out the site itself and the hidden contents?

Having trouble accessing admin panelā€¦ do you use openssh exploit on the admin panel with metasploit (If so getting false positives). sorry noob here

managed to get past the admin panel after a google search . canā€™t seem to understand where to get access to user

hey guys, i get the adimn panel, but the exploit that i am using isnā€™t working, its the same one of some other peoples, can some one pm me, needing help, have another way?

Great box, although the resets make it a bit harder than it really is. Stuck at user for ages, got root in no time. Shout-out @ch4p for creating it. PM for hints, I will respond ASAP.