Networked

Finally rooted. My tip: use a shell with stderr displayed.

Rooted !
I enjoyed this box, easy but at the end you learn some stuff, it was interesting, I appreciated it.
If someone wants a nudge, feel free to write me

enjoy guys

rooted! Thx for the hints

So I’m pretty sure I’m on the right track, but I can’t see anything but a " . " in the u… folder. Yesterday I could see other people’s files there, but now nothing. Does anyone have any idea as to why?

@Darkless said:

So I’m pretty sure I’m on the right track, but I can’t see anything but a " . " in the u… folder. Yesterday I could see other people’s files there, but now nothing. Does anyone have any idea as to why?

Check some files and see what happens when you upload something and where it goes. If it says that the upload is successful, then the file is uploaded. Check which pages you can open. From there on I am stuck as well.

Got user & root!
Really fun box.

Tips: bake something, then find a wild way in… Then try things out for root!

Thanks!

This was a super fun box. Privesc is usually super hard for me, even tho it took me forever to figure out how to get user and root shells, it was at least nice to know I was looking at the right things, I just had to figure out what was being done so that I could make it do what I wanted, so I was forced to learn some things I didn’t know, which was nice. (How do PHP devs not kill themselves? God that is ugly code)

PM if you need a nudge

Rooted

I am so noob but I can get shell… please help, I am still apache user…

Got user and got root!!!
As a complete noob into this.

  • Footstep: I found the pages fast, and had an idea what to do with it. Didn’t know how to do it. Google is your friend. Had to try like 5 different methods before I found the one that worked.
  • User: Once the footstep was in, other user actions on the shared box pointed me in the right direction. Googled for certain commands that I saw being used. Learned some new things, and after several attempts I was able to get user.
  • Root: Was actually the easiest part. Found the interesting file already during the user hunt.
    You just need some basic Linux networking info, to know what certain key scripts do

Rooted, once you get to the shell the ways to take both user access and root access are somewhat similar, but with different files

Rooted. Feel free to PM me if you need a pointer (and not this kind xkcd: Pointers)

Finally got root. Tip for root if you’ve tried fuzzing for hours: Sometimes what you tell someone the first time might not matter, perhaps the second time around they will listen to your orders.

I am stuck with some ch***/cho** for USER. Can someone help out?

Got user. Time for root

Stuck on the apache shell. I thought that I could get user from that but I was wrong. Can someone nudge me on the php workings please?

I’ve gotten to ‘the page’ and I have a script made, baked well and smelling tasty. The machine won’t bite and I’m wondering which piece of crust is giving me the problem. I can’t find anything worth changing in the headers (the ones I’ve tried changing don’t work out for me). Any help would be appreciated.

Yesterday I got into user priv by touch and a funky name, but today when I’m trying the same method it isn’t working. Can someone explain to me why?
//edit: My bad, everything works just fine.

I am so happy, have user access now!!

Still no clue to get root though

@Ursa said:

I’ve gotten to ‘the page’ and I have a script made, baked well and smelling tasty. The machine won’t bite and I’m wondering which piece of crust is giving me the problem. I can’t find anything worth changing in the headers (the ones I’ve tried changing don’t work out for me). Any help would be appreciated.

Maybe the hint “GIF89a” gives you a clue?

Got the initial low priv foothold. Been examining all the PHP files and their functions but still stuck on how to escalate from here to user. Someone please PM with help/nudge so I can move forward. I’m sure I’m seeing what is required (I can see what pattern the TOUCH has to be, just not sure how to put pieces together.)