Networked

rooted it, learned something there

Finally got user and root today! Been at it for a couple days on and off. Very new to all this so many thanks to @OxLumens and @rholas for some hints along the way! Great learning experience and my first box.

Can anyone help me with the Networked machine? I gained a low privilege shell first. Then, I browsed to the /html dir where I found 4 php files and also c****_aphp on another dir. I got a hint to create a file in /u dir to get user. Then I went to get user and I found that a user has already created that file. I created the same file and it worked. But I am unable to completely understand how it’s working. I read the php files and got some idea, but I can’t completely get it to the verge of getting the idea to create that file and execute it correctly.

Finally rooted. PM for hints.

I had difficulty with root, after reading suggestions for fuzzing the script it became very clear. I learned a lot from this machine even though some parts were difficult.

Hi there, I’m a newbs here and Networked is actually my first box. Getting the userflag was pretty easy given we literally have the source code but … I can’t get the password from the hash, seems like it’s not in the crackstation db nor in the leaks I’ve collected -_-', can someone pm me the pwd in clear || some hint so I can continue to root?

/e: Finally PWND, big thanks to @Othell0

You don’t need to crack the user.txt. This is the goal, just paste it to the site

thank you so much @vider and @OxLumens for your great support.

@vider once again thanks a lot.

Noob here, I’m stuck and can’t figure out how to change my payload to something that will be uploadable. A seriously strong hint or pm would be greatly appreciated

You can gather all the pieces to the puzzle if you carefully read all you’re given. Nothing is hidden from you in this machine so it is up to you to spot the weaknesses.

user:
really examine what the script is doing
maybe you can hijack the functionality

root:
Same thing: understand what the script does
all the pieces are there just understand how it works
maybe the way we perceive numbers can be changed to accomplish something

Got User but really stuck on root.

I think I found the necessary file, also have some ideas.
But every input fails, I always get permission errors…
Any kind of help is highly appreciated :)


Need some direction with user…can see the user.txt file and php files but need some direction on how to leverage what is there…any insight would be helpful

Finally rooted this box. Learned two or three things.
Feel free to PM me if you are stuck or need some help !

Finally rooted after 3 days. Wouldn’t have done it without the hints on here tho… Kudos to those fine people

@ZeWanderer PM me if you need any help

Fun box! - Enjoyed this. User was the most annoying part. Learnt some good things here. One switch in particular I had not used c(s)een before. Ping me for any hints if you need.

Nice machine from Guly with interesting little tricks. I wouldn’t have been able to solve it without reading several pages of this thread. Don’t overthink PHP

Have tried several methods to get a shell. Could someone link me a good site on getting shells or give me a hint on the correct method. Thx in advance.

Rooted this yesterday. Nice misconfiguration/setup that matches some things I’ve seen in the real world.

Hints:
Initial access: Find the interesting pages, figure out how they work (there is a major hint if you look around), exploit the oversight in the M*** handling
User shell: Find the interesting script, find when and why it triggers, figure out a way to trigger it in a way that furthers your access
Root shell: Enumerate well, find the other interesting script (note the name of the box), maybe google how to exploit it, but honestly shouldn’t be too hard to figure out if you just try stuff.

Please report if too spoilery

Feel free to DM for hints.