This was a super fun box. Privesc is usually super hard for me. Even though it took me forever to figure out how to get user and root shells, it was at least nice to know I was looking at the right things; I just had to figure out what was being done so that I could make it do what I wanted. So I was forced to learn some things I didn’t know, which was nice. (How do PHP devs not kill themselves? God that is ugly code)
Got user and got root!!!
As a complete noob into this.
Footstep: I found the pages fast, and had an idea what to do with it. Didn’t know how to do it. Google is your friend. Had to try like 5 different methods before I found the one that worked.
User: Once the footstep was in, other user actions on the shared box pointed me in the right direction. Googled for certain commands that I saw being used. Learned some new things, and after several attempts I was able to get user.
Root: Was actually the easiest part. Found the interesting file already during the user hunt.
You just need some basic Linux networking info, to know what certain key scripts do.
Finally got root. Tip for root if you’ve tried fuzzing for hours: Sometimes what you tell someone the first time might not matter, perhaps the second time around they will listen to your orders.
I’ve gotten to ‘the page’ and I have a script made, baked well and smelling tasty. The machine won’t bite and I’m wondering which piece of crust is giving me the problem. I can’t find anything worth changing in the headers (the ones I’ve tried changing don’t work out for me). Any help would be appreciated.
Yesterday I got into user priv by touch and funky name, but today when I’m trying the same method it isn’t working. Can someone explain to me why?
//edit: My bad, everything works just fine.
Got the initial low priv foothold. Been examining all the PHP files and their functions but still stuck on how to escalate from here to user. Someone please PM with help/nudge so I can move forward. I’m sure I’m seeing what is required (I can see what pattern the TOUCH has to be, just not sure how to put pieces together.)