■■■■ cant find the exploitable file for root. Where is that chn*.sh you are all talkin about.Am I on the wrong machine? Looked for all suid files and it is not there…
I got initial shell, looked in user home at the two files, ran through the php functions but do not understand how to PE from here. Dm a hint please? Thanks
Can anyone give me a hand getting the user, i’ve tried so many different things now. i have a shell on the box and found the C****-A******.php file and been reading it and trying different ways to exploit it but cant get it working.
The only issue in this box for me was trying the box on an offline Apache server due to which I wasted hours on being unable to exploit the vulnerability for getting shell. Rest of the box was quite easy. I suppose this is the easiest box in the current line up.
Fellow HTB buddies can drop a PM if they need help.
Hi guys!
I am really stuck on user – I have a shell but need a little bit of a push/what direction to head in to get access to the flag. I have a few ideas… can anyone hit me up with a message if they have a sec?
Can anyone give me a nudge? I am trying to get php running (loaded a reverse shell file). But no luck triggering it (using phpinfo(); to confirm). Also found a nice 2*****.c exploit for C*****n but somehow won’t compile, not sure if it is a rabbit hole.
I’m stuck! I know nothing about bh, so I have no clue what to do with the c****a***-file. Can someone please message me? I’m learning, just not fast enough =)
Well this is my first box, I uploaded shell, run ca.php, saw cn*.sh and still can’t figure out how to get user and root. I’ll be very appreciative for a nudge.
Well this is my first box, I uploaded shell, run ca.php, saw cn*.sh and still can’t figure out how to get user and root. I’ll be very appreciative for a nudge.
Well this is my first box, I uploaded shell, run ca.php, saw cn*.sh and still can’t figure out how to get user and root. I’ll be very appreciative for a nudge.
Well this is my first box, I uploaded shell, run ca.php, saw cn*.sh and still can’t figure out how to get user and root. I’ll be very appreciative for a nudge.
which user are u now?
apache
Yes try to discover what ca.php does and look for a way to exploit this for escalation