Sniper

Thanks @rholas for the root hints

anyone able to give me a nudge on initial foothold. have found some things… but can’t get them to work…

update: ok… so I have a bit more… found a way to get the box to access something I am hosting… but still no further luck

thanks for this amazing box it was really fun. Chris’s boss is such a ■■■■ ■■■■!!!

P.M for nudges friends ?

Excellent and well thought-out box. Thanks a lot @MinatoTW & @felamos !

I still have a question about this box can someone please explain something to me real quick? please e,e

I have the vector for root, but all the payloads I have tried don’t work. Would someone please PM with a nudge? I can share what I have tried so far.

> @v01t4ic said:
>
> user:
> For anyone like me who is struggling with initial reverse after you get execution search here → http://ippsec.rocks

Any special video

Could someone provide a nudge via PM? I’m looking for LFI with l*** but I’m not finding anything. Am I on the right path? Is there a better tool that I should use?

could also someone give me a nudge in the right direction for RFI/LFI please?

Can anyone help me out with this LFI ?? This l**g parameter doesn’t seem to be vulnerable to any inclusion attack…

> @XeN0N said:
>
> Can anyone help me out with this LFI ?? This l**g parameter doesn’t seem to be vulnerable to any inclusion attack…

You can easily dance your way around that one 🙂
Just don’t go for the classics, go for something more modern 🙂

Could somebody give me a hint on root? I found the clues. I just don’t get it

So I am stumped. I am trying to get initial shell. I can read files from my machine easily enough but the minute I try a php file I get sorry page not found. Can someone lend a hand?

EDIT: I have just been reminded about windows defender… ■■■■■■ windows!

Hey! I managed to get some creds using RFI, but can’t use them anywhere 😦 m***l is not responding. Any hints as to where to go from here?

Is RCE really unreliable? Sometimes it stops working for a couple of minutes, then it starts working again…

PM for Nuggets

Hi, I have found the LFI, and got to know from hints that I need to make it “remote” from “local”. I tried executing a remote php script but it didn’t work. I can’t see any web page request in my SimpleHTTPServer. But I can see the Ping ICMP requests on my system from the target system. Can anybody give me a nudge? Thank you! 🙂

> @xscorp7 said:
>
> Hi, I have found the LFI, and got to know from hints that I need to make it “remote” from “local”. I tried executing a remote php script but it didn’t work. I can’t see any web page request in my SimpleHTTPServer. But I can see the Ping ICMP requests on my system from the target system. Can anybody give me a nudge? Thank you! 🙂

For exploiting an RFI vulnerability you can use more than one method. Use Google to confirm this statement.

Would anyone be able to give me a nudge,
I found m***l
Also found some cred for it but unable to connect