Networked

So is it normal that u***.t** and the rest of the files in g*** have nothing?

Enjoyed this one… some nice privesc techniques.

Hey guys, I know where to touch with the low priv shell (before user), but I don’t know how to do the correct touch there because forward slashes are not allowed in those names… googled the whole internet for hours… I am stuck… any hint would be recommended (or PM) thanks!!

EDIT: got it… >.<

Now on root… found the script which refers to the machine’s name… any nudge would be great…

EDIT2: rooted - finally, learned a bunch of new stuff

Finally rooted (: ********.sh is a bit confusing but fun :slight_smile:

Super n00b here, first box attempt. Really enjoying the challenge but having a lot of trouble getting the initial foothold. I’ve tried to use Burp to edit all the things (including magic bytes) and using a double exe on the file but no luck. Any help you guys can provide would be really appreciated :slight_smile:

Rooted after a whole day’s work. My first box here. Thank you so much everyone who posted hints here. Shoutout to @rholas

Rooted :slight_smile:

Tips:
Foothold: simple enumeration should allow you to fully understand how the webapp works. Then, it should be quite clear what to do.

User: Find thing, understand how you can control the thing’s input

Root: Again, basic enumeration should yield a direction. Then… it gets weird. Like many before me I don’t fully understand what happens there. Trial and error does the trick, but I will appreciate a DM if someone has some useful links on the matter.

Also feel free to DM me for further tips if you need :slight_smile:

Hey guys, really stuck on this PHP script part and the command to inject.
Can someone please PM me and push me in the right direction?

I have been struggling with this box for over 4 hours now. Can anyone give a hint or something about c_a? Also found a weird .sh file which had some sort of netcat connection to it, but when executed, landed straight back onto apache

Edit: User owned.

Will keep digging for root

Edit2: Root owned.

amazing box, was fun to dig around in :slight_smile:

Stuck on root - please DM a tip :slight_smile:

I don’t get why the c…n…sh does not write to the file where it should, others are able to obviously - I can see their changes (I’m user g…)

So I found the u*****.php page, figured I need to put something inside an image, but so far no matter what I upload I get an error and can’t get a shell. Anyone want to give me a hint?

@n0bf said:

> So I found the u*****.php page, figured I need to put something inside an image, but so far no matter what I upload I get an error and can’t get a shell. Anyone want to give me a hint?

So I figured out the error and can get the files uploaded but can’t get the call back. I’m open to any hints.

@n0bf said:

> So I found the u*****.php page, figured I need to put something inside an image, but so far no matter what I upload I get an error and can’t get a shell. Anyone want to give me a hint?

Hey :slight_smile: any hint on how to make the file uploaded? I believe it has something to do with the size of the script, right? :confused: PM me to avoid any spoilers please :slight_smile:

Size doesn’t matter. At least that’s what I keep telling my … not important now.

You have the code that does the checking (you do, don’t you? If not, enumerate and maybe you find something). What does the code check for? How can you fool it into letting your “image” pass the upload filter?

Finally rooted. My tip: use a shell with stderr displayed.

Rooted!
I enjoyed this box, easy but at the end you learn some stuff, it was interesting, I appreciated it.
If someone wants a nudge, feel free to write me

enjoy guys

rooted! Thx for the hints

So I’m pretty sure I’m on the right track, but I can’t see anything but a " . " in the u… folder. Yesterday I could see other people’s files there, but now nothing. Does anyone have any idea as to why?

@Darkless said:

> So I’m pretty sure I’m on the right track, but I can’t see anything but a " . " in the u… folder. Yesterday I could see other people’s files there, but now nothing. Does anyone have any idea as to why?

Check some files and see what happens when you upload something and where it goes. If it says that the upload is successful then the file is uploaded. Check which pages you can open. From there on I am stuck as well.