I have uploaded my ie file and now have a shell as ae, I see an u**d form in lb but donāt understand what I am supposed to do with it. any hints?
EDIT: got User thanks to @BReeD !
Now for rootā¦
I have uploaded my ie file and now have a shell as ae, I see an u**d form in lb but donāt understand what I am supposed to do with it. any hints?
EDIT: got User thanks to @BReeD !
Now for rootā¦
Type your comment> @Impulse said:
Read this ā¦
U get root within seconds !!
Frejus Cherche Sage Femme - Incontri Eur Lombardia
jeezā¦even with iām not able to find which commands to use when running the c********e.sh scriptā¦
Type your comment
PM me if u stuck
good one ā¦
Rooted!
Tip for Root: Locate the file, cat the file and understand what itās doing, donāt forget the sudo, make sure to keep it simple. The most simple you can possibly keep it.
i am stuck on Aā¦e , how can i get user? use netcat ,but get only that Aā¦e shell. any hints for user?
Tip for user: Enumerate the website with things such as nmap, dirbuster; Download and learn to use Burpsuite, add additional extensions and additional information after you do the certain thing, Google listening with Kali linux or parrot OS. Need to know the very basics of the operating system architecture and where things are once you gain your shell. A kitty cat might help you find the flag.
This is my second box so very new hereā¦ managed to get interactive shell as a*****, seen some interesting files C****.a*****.*** and seen the c***.g*** think i know what to do but unsure of syntax, anyone around, please pm for tips?
Iāve managed to get user it was my syntax ā¦ cp and āā is your friend
Got root now too
Hi @ all for those which get so far in this forum i think youāre stuck
Hope i can help you or point in the right direction!
My hints for you:
Initial:
Do your basic enum on a website when you find something interesting download it and open ! There you can find what is allowed and also look what is uploaded by server !
You have all what is needed to trick the server (if not google for vulernabilities/ what you want to do!)
User:
Take a closer look in there who you want to be! Read file and think about what this means (if youāre not a programmer!) ā look closer in the tail of file and where you have to put it and also think about what youāve done before to get initial shell!
Root:
If you managed to get User so far this will be easy for you trust me!
What is the first you do if you get a shell?(No not searching for user.txt and root.txt!)
The other thing with basic enumeration there you got another file ! Donāt trust the file what it is doing do your own thing and google what is in the file and how you can do your own thing!
Hope i this hints help you !
Fell free to PM or RESPECT and HELP others who need your help we are all learning!
I could use some help reading a certain php file. Iām having a lot of trouble understanding what the code is doing. I would like to learn more about php and could use some guidance.
Hey thanks very much for this box, I had a great time working on it and improved my workflow + learned a couple of things. The box is nice and logical and it held my hand just enough to let me walk through it at my own pace.
My only advice is to always be enumerating. You first see the box? Enumerate. You find something there? Enumerate it. First foothold? Enumerate baby yeah. Escalated your privilege? Yeah youāre going to want to enumerate, even if youāve done it before.
Type your comment> @KarmicElk said:
I could use some help reading a certain php file. Iām having a lot of trouble understanding what the code is doing. I would like to learn more about php and could use some guidance.
I am also struggling with the PHP file! @KarmicElk I assume you mean c****_k.php. I have used the php docs, what i have could figure out until now is that the file send a message to user gy, it uses a function from the file l.php to wipe out all files who doesnāt meet this condition and also exclude file ix.html. The files who must to be wiped out are logged into /t/a****k.log so it can used by the execute command in the php file to delete this files.
The c******.***y file is the trigger for this PHP file to start file but I havenāt found way to manipulate it.
Thatāll what i have can figure out of it but unfortunately I donāt see the clue, So PLEASE HELP US OUT!!!
Overthinking caused me to take 3 days extra. Easy machine if you stick to basics.
Type your comment> @daemon37 said:
Overthinking caused me to take 3 days extra. Easy machine if you stick to basics.
I have the feeling indeed that I am overthinking it, I am already 4 days far with it. Please PM with some tips, I think you know the feelingā¦
ā ā ā ā cant find the exploitable file for root. Where is that chn*.sh you are all talkin about.Am I on the wrong machine? Looked for all suid files and it is not thereā¦
I got initial shell, looked in user home at the two files, ran through the php functions but do not understand how to PE from here. Dm a hint please? Thanks
also stuck on user. i have a low priv shell but canāt seem to PE. any help appreciated.
Can anyone give me a hand getting the user, iāve tried so many different things now. i have a shell on the box and found the C****-A******.php file and been reading it and trying different ways to exploit it but cant get it working.
please help me by PM!
Happy hacking!