Networked

Type your comment> @imd said:

Well this is my first box, I uploaded shell, run ca.php, saw cn*.sh and still can’t figure out how to get user and root. I’ll be very appreciative for a nudge.

which user are u now?

Type your comment> @Othell0 said:

Type your comment> @imd said:

Well this is my first box, I uploaded shell, run ca.php, saw cn*.sh and still can’t figure out how to get user and root. I’ll be very appreciative for a nudge.

which user are u now?
apache

Type your comment> @imd said:

Type your comment> @Othell0 said:

Type your comment> @imd said:

Well this is my first box, I uploaded shell, run ca.php, saw cn*.sh and still can’t figure out how to get user and root. I’ll be very appreciative for a nudge.

which user are u now?
apache

Yes try to discover what ca.php does and look for a way to exploit this for escalation

any hint for the user or root
P.M

I need help with the user, can someone please pm me?

Any hints about the linenumber I need to look at for root? and maybe some documentation that might be handy for this?

rooted it, learned something there

Finally got user and root today! Been at it for a couple days on and off. Very new to all this so many thanks to @OxLumens and @rholas for some hints along the way! Great learning experience and my first box.

can anyone help me with networked machine. I gained a low privilege shell first. Then, i browsed to the /html dir where I found 4 php files and also c****_aphp on another dir. I got a hint to create a file in /u dir to get user. Then i went to get user and i found that a user has already created that file. I created the same file and it worked. But, I am unable to completely understand how it’s working. I read the php files and got some idea but, I can’t completely get it to the verge of getting the idea to create that file and execute it correctly.

Finally rooted. PM for hints.

I had difficulty with root, after reading suggestions for fuzzing the script it became very clear. I learned a lot from this machine even though some parts were difficult.

Hi there, I’m a newbs here and networked is actually my first box. Getting the userflag was pretty easy given we litteraly have the source code but … I can’t get the password from the hash, seems like it’s not in the crackstation db nor in the leaks i’ve collected -_-', can someone pm me the pwd in clear || some hint so i can continue to root ?

/e: Finally PWND, big thanks to @Othell0

You dont need to crack the user.txt. This is the goal, just paste it to the site

thank you so much @vider and @OxLumens for your great support.

@vider once again thanks a lot.

Noob here, I’m stuck and can’t figure out how to change my payload to something that will be uploadable. A seriously strong hint or pm would be greatly appreciated

You can gather all the pieces to the puzzle if you carefully read all you’re given. Nothing is hidden from you in this machine so it is up to you to spot the weaknesses.

user:
really examine what the script is doing
maybe you can hijack the functionality

root:
Same thing understand what the script does
all the pieces are there just understand how it works
maybe the way we perceive numbers can be changed to accomplish something

Got User but really stuck on root.

I think i found the necessary file, also have some ideas.
But every input fails, i always get permission errors…
Any kind of help is highly appreciated :slight_smile:

Type your comment

Need some direction with user…can see the user.txt file and php files but need some direction on how to leverage what is there…any insight would be helpdful

Finally rooted this box. Learned two or three things.
Feel free to PM me if you are stuck or need some help !