Sniper

Excellent and well thought-out box. Thanks a lot @MinatoTW & @felamos !


I still have a question about this box can someone please explain something to me real quick? please e,e

I have the vector for root, but all the payloads I have tried don’t work. Would someone please PM me with a nudge? I can share what I have tried so far.

> @v01t4ic said:
>
> user:
> For anyone like me who is struggling with initial reverse after you get execution search here → http://ippsec.rocks

Any special video?

Could someone provide a nudge via PM? I’m looking for LFI with l*** but I’m not finding anything. Am I on the right path? Is there a better tool that I should use?

Could someone also give me a nudge in the right direction for RFI/LFI please?

Can anyone help me out with this LFI?? This l**g parameter doesn’t seem to be vulnerable to any inclusion attack…

> @XeN0N said:
>
> Can anyone help me out with this LFI?? This l**g parameter doesn’t seem to be vulnerable to any inclusion attack…

You can easily dance your way around that one :slight_smile:
Just don’t go for the classics, go for something more modern :slight_smile:

Could somebody give me a hint on root? I found the clues. I just don’t get it.

So I am stumped. I am trying to get initial shell. I can read files from my machine easily enough, but the minute I try a PHP file I get "sorry page not found". Can someone lend a hand?

EDIT: I have just been reminded about Windows Defender… ■■■■■■ Windows!

Hey! I managed to get some creds using RFI, but can’t use them anywhere :frowning: m***l is not responding. Any hints as to where to go from here?

Is RCE really unreliable? Sometimes it stops working for a couple of minutes, then it starts working again…

PM for Nuggets


Hi, I have found the LFI, and got to know from hints that I need to make it “remote” from “local”. I tried executing a remote PHP script but it didn’t work. I can’t see any web page request in my SimpleHTTPServer. But I can see the ping ICMP requests on my system from the target system. Can anybody give me a nudge? Thank you! :slight_smile:

> @xscorp7 said:
>
> Hi, I have found the LFI, and got to know from hints that I need to make it “remote” from “local”. I tried executing a remote PHP script but it didn’t work. I can’t see any web page request in my SimpleHTTPServer. But I can see the ping ICMP requests on my system from the target system. Can anybody give me a nudge? Thank you! :slight_smile:

For exploiting an RFI vulnerability you can use more than one method. Use Google to confirm this statement.

Would anyone be able to give me a nudge?
I found m***l.
Also found some creds for it but unable to connect.

Anyone able to give a hint on user? Found you can do LFI with certain paths but not a clue where to go from here.

Hi, I found the LFI but I’m not able to read some files outside the current folder. I tried some wrapper functions and many more. Can someone please give me a hint what I’m missing? Thx.

Really having a hard time running as user.
Could anyone please give me a nudge on how to get there? I know the creds for user are valid as they were validated on a lower port.