Networked

Tip for user: Enumerate the website with things such as nmap and dirbuster; download and learn to use Burp Suite, and add additional extensions and additional information after you do the certain thing. Google listening with Kali Linux or Parrot OS. You need to know the very basics of the operating system architecture and where things are once you gain your shell. A kitty cat might help you find the flag.

This is my second box, so I'm very new here… Managed to get an interactive shell as a*****, seen some interesting files C****.a*****.*** and seen the c***.g***. I think I know what to do but am unsure of the syntax. Anyone around? Please PM for tips.

I’ve managed to get user; it was my syntax … cp and “” are your friends.

Got root now too

Hi @all, for those who got this far in this forum, I think you’re stuck :wink:
Hope I can help you or point you in the right direction!

My hints for you:

Initial:
Do your basic enum on the website; when you find something interesting, download it and open it! There you can find what is allowed, and also look at what is uploaded by the server!
You have all that is needed to trick the server (if not, Google for vulnerabilities / what you want to do!).

User:
Take a closer look in there at who you want to be! Read the file and think about what it means (even if you’re not a programmer!) → look closer at the tail of the file and where you have to put it, and also think about what you’ve done before to get the initial shell!

Root:
If you managed to get User, this will be easy for you, trust me!
What is the first thing you do when you get a shell? (No, not searching for user.txt and root.txt!)
The other thing: with basic enumeration you got another file! Don’t trust what the file says it is doing; do your own thing, and Google what is in the file and how you can do your own thing!

Hope these hints help you!

Feel free to PM, or RESPECT and HELP others who need your help; we are all learning!

I could use some help reading a certain php file. I’m having a lot of trouble understanding what the code is doing. I would like to learn more about php and could use some guidance.

Hey thanks very much for this box, I had a great time working on it and improved my workflow + learned a couple of things. The box is nice and logical and it held my hand just enough to let me walk through it at my own pace.

My only advice is to always be enumerating. You first see the box? Enumerate. You find something there? Enumerate it. First foothold? Enumerate baby yeah. Escalated your privilege? Yeah you’re going to want to enumerate, even if you’ve done it before.

@KarmicElk said:

> I could use some help reading a certain php file. I’m having a lot of trouble understanding what the code is doing. I would like to learn more about php and could use some guidance.

I am also struggling with the PHP file! @KarmicElk I assume you mean c****_k.php. I have used the PHP docs; what I have been able to figure out until now is that the file sends a message to user gy, and it uses a function from the file l.php to wipe out all files that don’t meet this condition, also excluding the file ix.html. The files that must be wiped out are logged into /t/a****k.log so it can be used by the execute command in the PHP file to delete these files.

The c******.***y file is the trigger for this PHP file to start, but I haven’t found a way to manipulate it.

That’s all I have been able to figure out of it, but unfortunately I don’t see the clue, so PLEASE HELP US OUT!!!

Overthinking caused me to take 3 days extra. Easy machine if you stick to basics.

@daemon37 said:

> Overthinking caused me to take 3 days extra. Easy machine if you stick to basics.

I have the feeling indeed that I am overthinking it; I am already 4 days into it. Please PM with some tips, I think you know the feeling…

■■■■ can’t find the exploitable file for root. Where is that chn*.sh you are all talking about? Am I on the wrong machine? Looked for all SUID files and it is not there…

I got an initial shell, looked in the user home at the two files, ran through the PHP functions, but do not understand how to PE from here. DM a hint please? Thanks

Also stuck on user. I have a low-priv shell but can’t seem to PE. Any help appreciated.

Can anyone give me a hand getting the user? I’ve tried so many different things now. I have a shell on the box and found the C****-A******.php file and have been reading it and trying different ways to exploit it, but can’t get it working.

please help me by PM!

Happy hacking!

The only issue in this box for me was trying the box on an offline Apache server, due to which I wasted hours being unable to exploit the vulnerability for getting a shell. The rest of the box was quite easy. I suppose this is the easiest box in the current line-up.

Fellow HTB buddies can drop a PM if they need help.

Does the uploaded file need to end with php or an image extension?

Hi guys!
I am really stuck on user – I have a shell but need a little bit of a push / what direction to head in to get access to the flag. I have a few ideas… Can anyone hit me up with a message if they have a sec?

Thanks!

Finally rooted! This was simple but also infuriating…

Can anyone give me a nudge? I am trying to get PHP running (loaded a reverse shell file), but no luck triggering it (using phpinfo(); to confirm). Also found a nice 2*****.c exploit for C*****n, but somehow it won’t compile; not sure if it is a rabbit hole.

I’m stuck! I know nothing about bh, so I have no clue what to do with the c****a*** file. Can someone please message me? I’m learning, just not fast enough =)

@Impulse said:

> Read this …
> U get root within seconds !! :slight_smile:
> Frejus Cherche Sage Femme - Incontri Eur Lombardia

haha seems fishy

@Impulse said:

> Read this …
> U get root within seconds !! :slight_smile:
> Frejus Cherche Sage Femme - Incontri Eur Lombardia

lol beef hooK?

Well, this is my first box. I uploaded a shell, ran ca.php, saw cn*.sh and still can’t figure out how to get user and root. I’d be very appreciative of a nudge.