Swagshop

1353637383941»

Comments

  • Type your comment> @rawzone said:

    It ain't broken! - @garffff Look for a different route if some backend parts aint working... (It might be disabled, read the forum for more info ;) )
    Also for the people resetting the box - No need, it IS working.

    Pings to the box keep on dying. Right in the middle of something then it goes down again, comes back up for a little then back down

  • @garffff The server i was connected to had a lot of resets of the box check the Shoutbox on the website for a way to keep it from resetting in the progress...
    It was slow for me as well and had to keep the resets at a minimum in the progress as it's a bit lengthy - At Least the way i got my propper foothold...

    Feel free to DM me on the website if you need a hint.

    // rawzone

    Hack The Box

  • Rooted, props to joenibe for the hints. The resets are annoying though. Got reset at least 5 times just as i was closing in on root.

  • Type your comment> @rawzone said:

    @garffff The server i was connected to had a lot of resets of the box check the Shoutbox on the website for a way to keep it from resetting in the progress...
    It was slow for me as well and had to keep the resets at a minimum in the progress as it's a bit lengthy - At Least the way i got my propper foothold...

    Feel free to DM me on the website if you need a hint.

    Don't need hints yet, I am sure I can figure it out from the hints in this forum :)
    Just need a stable box. I am still struggling to get a shell but I think I am on the correct track

  • Got the user in between the resets, trying to get root but same problem :smile:

  • Got user and rooted using froghopper attack. Read carefully the instructions.

  • Rooted in between the resets

  • @garffff Wuu hu! Gz on the box! :smile:

    // rawzone

    Hack The Box

  • edited September 2019

    I just did a quick search in google and magento backdoor brings up a github link. Currently trying to figure it out and use it possibly . For anyone that is stuck after admin login give it a try and let me know If you figure anything out.

  • Got to the admin panel, and got stuck. Have no idea to upload shell payload since the CM is disabled. Can someone PM hints ?

     

  • Could someone nudge me over where to upload/how to get the reverse shell?
    Thanks, PM me
  • Rooted! My first box ever! :smiley:

    Feel free to PM me if you need a hint .

  • Between resets and backend timeouts... this is practically impossible to figure out... geez

  • finally rooted! Nice machine but users made it harder to solve.

  • Type your comment> @bipolarmorgan said:

    Between resets and backend timeouts... this is practically impossible to figure out... geez

    I had this problem, make sure you have a plan on what you need to do and go through it quickly before somebody resets

  • Kinda stuck on the last part.Can any1 PM me a hepfull pointer towards root escalation? Cheers

  • You should check logs, tasks, processes, who are you, what you are allowed to do,

  • Finally after many hours of hard work...I finally got root :)

  • Hi guys, this is my very first machine and I already learning a lot. Yet, I'm still stuck in frog hopper... I'm not sure if I should use a backdoor script or a shell (I don't even know this things). and this machine is going to retire in 1 day so I'm in a rush to get root.

    please help!

  • Rooted! thank you @letMel00kDeepr for helping me on both users... the user was very taff because a lose a lot of time trying to get /downloader page (without read the information on this forum)...

    Just now I saw the box is retired. Very Sad, but true.

    If you appreciate my help, please give +1🌟

  • hi guys; I'm stuck with uploading the shell .... any hints????

  • I was told that it was normal not to visualize the site content and that i had to work with it, but now, watching ippsec tutorial he can load easily the site. Is it because he did the machine before it broke?

  • Hey, I have a shell and realize I have to run Vi with sudo but I can't escape the shell in to a terminal to run this I just keep getting 'sudo: no tty present and no askpass program specified' - any ideas?

  • I am able to run a php script (checked with phpinfo), but the reverse shell is not connecting. No errors on the web page, I just get nothing. I tried multiple ports including those open on swagshop. I checked I had no firewall blocking these ports.
    I run this from a VM in case it helps.
    Any hints?

    @SaMUTa check the forum and google froghopper. Good luck.

  • @Malvik said:

    Can someone help me with the 2nd py? It won't work and I am pretty sure I have the right one.

    Or guide me on the right path? Already have admin access to m******.

    @bestion2 said:

    same error bro .....

    Did You solved it?
    is it something like 3***1.py? then just uncomment a manual entry to the mechanize!
    Adjust the script with some date(s) and re-run.

  • This box would've been easier if it wasn't getting reset so much...

  • am pretty new to HTB and pentesting, have done the nmap scan, used nikto for port 80 enumeration, i don't know how to move forward can anybody help

    NOTE: have seen a lot of write up on it via but am not ready to read them cos i believe i wont learn from it instead i try to exploit it myself with some hints offcourse

Sign In to comment.