Networked

Pretty cool box, was having a frustrating time with it before using nc flags though.

Feel free to PM for hints.

Rooted! if anyone needs help on this machine, feel free to PM me for hints.

R000TT ■■■■ ya! Good box!!! Good times!!!

Can anyone help me with getting user? I’ve got a shell and can see the php file in home/g***. I’ve cat it but have no idea what I’m supposed to do with it?

I’ve been stucked for days. Still trying to upload my shell. I know what to do but despite the fact that the upload is successful, the gallery is empty. What do i miss? Can someone PM me to put me on the right track please?

Could someone PM me about initial foothold? I know what I need to do but have never played around with this so unsure how to get it to pull off my server for upload.

is the display****() function supposed to be shown on u******/ ? Or do you have to craft your own request? I am only getting a " . " as a reply every time I try upload via a manually crafted POST request.
Or am I targeting the wrong URI :)?

EDIT: enumerated some more and have my reverse shell now ^^

Type your comment> @DrD3ath said:

Hints for both user and root:
https://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txt

This is a fun box; and the exploits all seemed to be a similar theme which I enjoyed. Especially coming from a mostly Windows background.

Finally someone sharing some constructive knowledge with the community.

Hint: sometimes giving yourself “space” and “then adding what you need” works wonders.

User was fun, root meh not so much, nice box though thanks.

Rooted! If anyone need hints, dm me

I have uploaded the shell but I have not managed to escalate privileges, can someone guide me a little?

Rooted but I think I got it through googling. May anyone explain to me why that specific char can be used to command execution? I don’t quite understand the logic behind it. Thanks!

i have uploaded my shell using double extension, but can’t get the session. the up***** dir shows “.” (dot). i tried calling the file name through u******/file_name but got 404…

help and DMs would be extremely appreciated :slight_smile:

S> @osmus said:

Not sure how to get escalation after i get my shell. I’ve read _.php but im not sure what I need to do with it. Any nudges would be appreciated.

So I’m able to touch the file and the nc connects but the listener closes immediately. Does anyone know why that happens?

rooted (eventually) nice, though irritating at times, box

hello
i am stuck in Priv esc. Does someone want to help me in here?

Can someone message me. I have a shell as apache and have looked at the files in home but cannot figure out where to go next. I saw where people would touch a file and I saw that the wildcard document. A little help would be greatly appreciated.

Not familiar with PHP & kinda stuck atm, but also on a caffiene crash. 0x edited payload & upload was successful but cant get it to execute. Any tips?

Was making this box way more complicated than it needed to be lol. Rooted, let me know if you need help

Basic shell, got user, got root. Spent today on it, took me about 8 hours start to finish. Not bad for a noob.

Got a basic shell with u*****.php, but now im stuck. cant read user.txt, cause i have no rights… and cant figure it out how to enumerate those box :confused: can someone pls give me a very gooooood hint or something… pm with a little explanation would be very nice :slight_smile: