Wall

Only been able to get netcat to connect back so far, but nothing interactive, and definitely no reverse shell. Frustrating, but fun nonetheless.
Escaping the forbidden chars and command calls isn’t hard once you get it, but getting around/through the wall stays problematic for now.

Rooted! Annoying but fun box!

Rooted
Fun and good machine.

Got shell as ww*-****… I know a path to root… but it will take a loong time :frowning:

Still enumerating to find a way to get root faster. Any clues? :slight_smile:

I’ve also got the ww**** shell, I’ve done the enum but I cannot see anything out of the ordinary, any hint?

Oh nvm… Got it.

Pay attention to the linenum output. :smiley:

So, I barely got anything out of gobuster besides /s*-s* and /m*. I got the a*.php and p*.php guessing from your comments…
Could someone hit me up to give me tips for better enums?
I’m kinda super fucking lost in this box

Can somebody help me with getting the shell? I got it already yesterday, but now it is not working anymore.

Hey guys, I have the exploit for c******* and everything I need but I am stuck. Please, please DM me for further information!

@BinaryStrike said:

I’ve also got the ww**** shell, I’ve done the enum but I cannot see anything out of the ordinary, any hint?

Try to find any privesc based on permissions, or abuse with some executable made by root in any directory…

Just by using basic enumeration commands you will break the wall

Got it, thanks for the machine @askar !

Rooted, from w**-a to root. I need to know how I can do it from w-a, then shy user, then root. I got shy user creds, but how can I go for root without the sc* exploit?

Please, if anyone has an idea, PM me.

Guys can someone please help me with the c******* exploit. At the end, it says "Check your netcat listener " but I don’t get any shell.
Can someone PM me please
thanks

I modified the script and have the login creds, but am struggling with the payload for the next stage. Could someone please dm me a hint?

Edit: never mind, figured it out. Have www-data :mrgreen:

I think the exploit script is working; you need a special payload instead of ncat…

I need some help with privesc. I have ww***** shell and enum but can see the way to continue with it… PM me a hint please

Restart M… Eng,… after every try

Rooted, didn’t enjoy the box, I’m sorry to the creator. These are the hints I wished I knew when I was doing the box. From w******a to root

Enum Hints:

  1. There is a hidden directory that dirb cannot find with normal wordlists… OSINT is the key

  2. [this is an issue that I had personally] the known way to do this box did not work for me, I had to find an alternative way for RCE… more enumeration will get you what you exactly want

Root Hint: enumerate for un-patched software

PM if you need help with the box and star my profile if this helped!

Guys, I have got the www-xxxx@Wall:/usr/local/cxxxxn/www$ shell. Lost completely here, could anyone please help guide me by PM - thank you in advance. +respect :slight_smile:

Now on wwwdata to get further. Was stuck for ages on the pwd part with my scripts. In the end, check the variables you use for your attempts.
echo / print is key to validate all good :wink:
I had errors in bash and in python. Once those were fixed, few seconds…
Thanks for the hints! Will proceed