Swagshop

13536373941

Comments

  • Type your comment> @pwsecspirit said:

    Hey so I got access to the magento admin page. But when I am going to "m****** ******t **n***" for uploading it is redirecting me to /***n***er , But there is no page/dir like it and that is why it's showing me 404 , is this expected?

    Sorry for my bad english,

    I read from another post saying that it has been removed because of instability issues for years..

  • edited September 2019

    Type your comment> @Ir0nGe3ks said:

    Type your comment> @pwsecspirit said:

    Hey so I got access to the magento admin page. But when I am going to "m****** ******t **n***" for uploading it is redirecting me to /***n***er , But there is no page/dir like it and that is why it's showing me 404 , is this expected?

    Sorry for my bad english,

    I read from another post saying that it has been removed because of instability issues for years..

    So there is other method for uploading my file?

  • Type your comment> @pwsecspirit said:

    Type your comment> @Ir0nGe3ks said:

    Type your comment> @pwsecspirit said:

    Hey so I got access to the magento admin page. But when I am going to "m****** ******t **n***" for uploading it is redirecting me to /***n***er , But there is no page/dir like it and that is why it's showing me 404 , is this expected?

    Sorry for my bad english,

    I read from another post saying that it has been removed because of instability issues for years..

    So there is other method for uploading my file?

    There is no upload needed... what I read/told, there are other methods... as I was told: use Google-Fu" so.. that was it.. I had same issues so, took a break from it.

  • Type your comment> @Ir0nGe3ks said:

    Type your comment> @pwsecspirit said:

    Type your comment> @Ir0nGe3ks said:

    Type your comment> @pwsecspirit said:

    Hey so I got access to the magento admin page. But when I am going to "m****** ******t **n***" for uploading it is redirecting me to /***n***er , But there is no page/dir like it and that is why it's showing me 404 , is this expected?

    Sorry for my bad english,

    I read from another post saying that it has been removed because of instability issues for years..

    So there is other method for uploading my file?

    There is no upload needed... what I read/told, there are other methods... as I was told: use Google-Fu" so.. that was it.. I had same issues so, took a break from it.

    I just got this box (usr and root) and there has been a another method spoke about in these forums and it worked for me f******** .
    Keep going dude!

  • edited September 2019

    @WhiteRabbit7 said:

    I read from another post saying that it has been removed because of instability issues for years..

    So there is other method for uploading my file?

    There is no upload needed... what I read/told, there are other methods... as I was told: use Google-Fu" so.. that was it.. I had same issues so, took a break from it.

    I just got this box (usr and root) and there has been a another method spoke about in these forums and it worked for me f******** .
    Keep going dude!

    Good to hear... because I spent two f**** days man... still stuck....

  • if anyone need help PM me

  • <can't delete/remove this post.. no response needed.>

  • Anyone trying to root this box atm . i need help for those who owned the box already

  • G'day again thought I'd post up some cryptic clues since this forum helped me heaps.

    USER: All the answers are here already the only thing I'd add is that sometimes it's better to improve on what's already available.

    ROOT: This stumped me for hours even though everyone said it was easy. And it is easy.... Kind of. The best hint I got was 'google Linux privesc text editor of your choice' then I'd say you're a medium of the way there.

    You will need to think about lining up vulnerabilities and this my make more sense if you know the back end of Linux but I don't so it was just trial and error of different 'scenarios'

    Hope this helps and doesn't give too much away but I felt like the root privesc help on here was lacking.
  • edited September 2019

    Type your comment> @Ir0nGe3ks said:

    Type your comment> @pwsecspirit said:

    Type your comment> @Ir0nGe3ks said:

    Type your comment> @pwsecspirit said:

    Hey so I got access to the magento admin page. But when I am going to "m****** ******t **n***" for uploading it is redirecting me to /***n***er , But there is no page/dir like it and that is why it's showing me 404 , is this expected?

    Sorry for my bad english,

    I read from another post saying that it has been removed because of instability issues for years..

    So there is other method for uploading my file?

    There is no upload needed... what I read/told, there are other methods... as I was told: use Google-Fu" so.. that was it.. I had same issues so, took a break from it.

    Pwn3d , thanks

  • @elHaxor what have you already done? Where are you stuck?

    borari

  • Got User and Root. Took a week but hey what else do I have to do.. Nothing thats what.

    If anyone needs help let me know.

    Hack The Box

  • Any hint ? Iam not that familiar with Magento

  • @cyberfeminist CVE will get you in the door, then you just need to keep plugging away at it :)

  • DOW******R Note Found == 404

    admin panel down: / just for me or everyone?

  • Type your comment> @emp1 said:

    DOW******R Note Found == 404

    admin panel down: / just for me or everyone?

    Wrong direction... it was taken down according to feedbacks on this particular path...

  • Type your comment> @Ir0nGe3ks said:

    Type your comment> @emp1 said:

    DOW******R Note Found == 404

    admin panel down: / just for me or everyone?

    Wrong direction... it was taken down according to feedbacks on this particular path...

    ohhh man, thanks :)

  • Type your comment> @emp1 said:

    DOW******R Note Found == 404

    admin panel down: / just for me or everyone?

    Wrong direction... it was taken down according to feedbacks on this particular path...

    ohhh man, thanks :)

    No worries, having issues myself too...

  • Rooted, fun box, quite OSCP-Like. Enjoyed learning something new about m**** portal and learnt a new type of attack :D

  • edited September 2019

    I runned the php after upload and i spawned a web shell, but when I try to get a reverse shell doesn't work....

  • Type your comment> @borari said:

    @elHaxor what have you already done? Where are you stuck?

    on the preview of template .i dont know if i do it right or i miss something

  • Need help in getting a shell on this machine, I got admin panel access tried frog******* and bunch of other stuff but couldn't get a shell .I could really use a hint

  • edited September 2019

    Need some hints too have got to access the admin panel but can't use the connect manager method and don't understand the frog method.

    Edit: trying 37811.py but getting this error:

    no control matching name 'login[password]'

  • Type your comment> @N4pp3r said:

    Need some hints too have got to access the admin panel but can't use the connect manager method and don't understand the frog method.

    You need to look for an Magento vulnerability

  • Type your comment> @Grasshopper said:

    Type your comment> @N4pp3r said:

    Need some hints too have got to access the admin panel but can't use the connect manager method and don't understand the frog method.

    You need to look for an Magento vulnerability

    Are you able to PM me to see if im on the right track?

  • can any body give me a hint i stuck in admin panel please PM me i will be very thank full

  • Finally got shell and user now working on root

  • Can someone give me a hint on the user shell please?

  • When I try to access /downloader/ I get a "Not found" response. I don't know if I have to do something to access it, I'm already in the magento admin panel..can anyone help?
    A couple of weeks ago I tried it and didn't get this kind of error

  • Type your comment> @PrimeSocK said:

    When I try to access /downloader/ I get a "Not found" response. I don't know if I have to do something to access it, I'm already in the magento admin panel..can anyone help?
    A couple of weeks ago I tried it and didn't get this kind of error

    wrong directions... don't focus on the downloader because as mentioned before several times, it was removed due to lack of stability... so it was fixed...

Sign In to comment.