Networked

I have uploaded my ie file and now have a shell as ae, I see an u**d form in lb but don't understand what I am supposed to do with it. Any hints?

EDIT: got User thanks to @BReeD !

Now for root…

@Impulse said:

Read this …
U get root within seconds !! :slight_smile:
jeez…even with I'm not able to find which commands to use when running the c********e.sh script…

PM me if u stuck

good one …

finally r00ted!!

big thanks to @rholas and @Freak2600 giving hints for root.

nice fun box :smiley:

Rooted!
Tip for Root: Locate the file, cat the file and understand what it's doing, don't forget the sudo, make sure to keep it simple. The most simple you can possibly keep it.

I am stuck on A…e, how can I get user? Use netcat, but get only that A…e shell. Any hints for user?

Tip for user: Enumerate the website with things such as nmap, dirbuster; Download and learn to use Burp Suite, add additional extensions and additional information after you do the certain thing, Google listening with Kali Linux or Parrot OS. Need to know the very basics of the operating system architecture and where things are once you gain your shell. A kitty cat might help you find the flag.

This is my second box so very new here… managed to get interactive shell as a*****, seen some interesting files C****.a*****.*** and seen the c***.g***, think I know what to do but unsure of syntax, anyone around, please PM for tips?

I've managed to get user, it was my syntax … cp and “” is your friend

Got root now too

Hi @ all, for those who get so far in this forum I think you're stuck :wink:
Hope I can help you or point in the right direction!

My hints for you:

Initial:
Do your basic enum on a website, when you find something interesting download it and open! There you can find what is allowed and also look what is uploaded by server!
You have all what is needed to trick the server (if not google for vulnerabilities/ what you want to do!)

User:
Take a closer look in there who you want to be! Read file and think about what this means (if you're not a programmer!) → look closer in the tail of file and where you have to put it and also think about what you've done before to get initial shell!

Root:
If you managed to get User so far this will be easy for you, trust me!
What is the first you do if you get a shell? (No, not searching for user.txt and root.txt!)
The other thing with basic enumeration, there you got another file! Don't trust the file what it is doing, do your own thing and google what is in the file and how you can do your own thing!

Hope these hints help you!

Feel free to PM or RESPECT and HELP others who need your help, we are all learning!

I could use some help reading a certain php file. I'm having a lot of trouble understanding what the code is doing. I would like to learn more about php and could use some guidance.

Hey thanks very much for this box, I had a great time working on it and improved my workflow + learned a couple of things. The box is nice and logical and it held my hand just enough to let me walk through it at my own pace.

My only advice is to always be enumerating. You first see the box? Enumerate. You find something there? Enumerate it. First foothold? Enumerate baby yeah. Escalated your privilege? Yeah you're going to want to enumerate, even if you've done it before.

@KarmicElk said:

I could use some help reading a certain php file. I'm having a lot of trouble understanding what the code is doing. I would like to learn more about php and could use some guidance.

I am also struggling with the PHP file! @KarmicElk I assume you mean c****_k.php. I have used the PHP docs, what I could figure out until now is that the file sends a message to user gy, it uses a function from the file l.php to wipe out all files that don't meet this condition and also excludes file ix.html. The files that must be wiped out are logged into /t/a****k.log so it can be used by the execute command in the PHP file to delete these files.

The c******.***y file is the trigger for this PHP file to start file but I haven't found a way to manipulate it.

That's all I could figure out of it, but unfortunately I don't see the clue, so PLEASE HELP US OUT!!!

Overthinking caused me to take 3 days extra. Easy machine if you stick to basics.

@daemon37 said:

Overthinking caused me to take 3 days extra. Easy machine if you stick to basics.

I have the feeling indeed that I am overthinking it, I am already 4 days far with it. Please PM with some tips, I think you know the feeling…

■■■■ can't find the exploitable file for root. Where is that chn*.sh you are all talking about. Am I on the wrong machine? Looked for all suid files and it is not there…

I got initial shell, looked in user home at the two files, ran through the PHP functions but do not understand how to PE from here. DM a hint please? Thanks

Also stuck on user. I have a low priv shell but can't seem to PE. Any help appreciated.

Can anyone give me a hand getting the user, I've tried so many different things now. I have a shell on the box and found the C****-A******.php file and been reading it and trying different ways to exploit it but can't get it working.

Please help me by PM!

Happy hacking!