Networked

Now that I’ve rooted this box, could someone explain how the user exploit works? Not sure I understand exactly what is happening.

All right guys, I feel like I understood some of what you said in these 17 comment pages, but right now I’m not even sure I got to the first shell :frowning:

I’ve found the backup.tar and I have looked at how we could upload some file in order to insert a PHP script … is that the thing to do or am I completely lost? Please save meee ^^

Spoiler Removed

I am totally stuck at apache. Can someone give me good resources on how to remove the permission on a file? I tried everything I searched for but nothing works. Total noob here, please give me some hints.

@Holyrogue said:

So just out of curiosity, the /uploads page: is there a reason why, when the machine resets, all I receive is a " . " on the page and not any of the uploads?

same here

Can someone give me some help to user? I read all the suggestions in these pages, but I don’t understand how to TOUCH c****_a*****.p**. You can also help me with PM. Thanks.

Just rooted. Actually it is quite an easy box, but the root part gave me some pain. Enumeration part was quite straightforward, but the script exploit part… why does that even work?

I am at this frustrating point (after getting the low-priv shell), where you are looking at code, you know/imagine what has to be done, yet due to poor PHP knowledge you cannot find out the magic combination to achieve it!


Update, got the user flag! Getting back tomorrow for root. Nice trick and something new learned!

So is it normal that u***.t** and the rest of the files in g*** have nothing?

Enjoyed this one… some nice privesc techniques.

Hey guys, I know where to touch with the low priv shell (before user), but I don’t know how to do the correct touch there because forward slashes are not allowed in those names… googled the whole internet for hours… I am stuck… any hint would be recommended (or PM), thanks!!

EDIT: got it… >.<

Now on root… found the script which refers to the machine’s name… any nudge would be great…

EDIT2: rooted - finally, learned a bunch of new stuff

Finally rooted (: ********.sh is a bit confusing but fun :slight_smile:

Super n00b here, first box attempt. Really enjoying the challenge but having a lot of trouble getting the initial foothold. I’ve tried to use burp to edit all the things (including magic bytes) and using a double exe on the file but no luck. Any help you guys can provide would be really appreciated :slight_smile:

Rooted after a whole day’s work. My first box here. Thank you so much everyone who posted hints here. Shoutout to @rholas

Rooted :slight_smile:

Tips:
Foothold: simple enumeration should allow you to fully understand how the webapp works. Then, it should be quite clear what to do.

User: Find thing, understand how you can control the thing’s input

Root: Again, basic enumeration should yield a direction. Then… it gets weird. Like many before me I don’t fully understand what happens there. Trial and error does the trick, but I will appreciate a DM if someone has some useful links on the matter.

Also feel free to DM me for further tips if you need :slight_smile:

Hey guys, really stuck on this php script part and the command to inject.
Can someone please PM me and push me in the right direction?

I have been struggling with this box for over 4 hours now. Can anyone give a hint or something about c_a? Also found a weird .sh file which had some sort of netcat connection to it, but when executed, landed straight back onto apache.

Edit: User owned.

Will keep digging for root

Edit2: Root owned.

amazing box, was fun to dig around in :slight_smile:

Stuck on root - please DM a tip :slight_smile:

I don’t get why the c…n…sh does not write to the file where it should, others are able to obviously - I can see their changes (I’m user g…)

So I found the u*****.php page, figured I need to put something inside an image, but so far no matter what I upload I get an error and can’t get a shell. Anyone want to give me a hint?