Networked

Hello guys,
Please could you help me ? I tried upload .php file but without success pleas could you someone provide right way for me ? :slight_smile:

if anyone needs help with the c***_a***.php code and/or how can do the privesc to user send me a dm

Edit: Rooted.

Rooted ^^, it was my first machine and i was so funny.
User shell: basic steps to get it
root user: enumeration and google

I have got to a point where I query via url and see files but dont know what to do from here…any nudge please

Rooted! Nice box @guly! Root was easier than user, but overall this one is probably one of my favorite boxes so far in how you privesc to user!

Type your comment> @D3Fix said:

Type your comment> @Ursa said:

If anyone is good at PHP, I’d very much appreciate a PM. I don’t want to put too many details here, but two parts of a certain script are troublesome and I can’t find what they do anywhere online.

You can PM me if you still need help

me too please help me

Spoiler Removed

Type your comment> @D3Fix said:

Finally got root after 3 hours of overthinking.

User tip:

  • GIF89a
  • cron
  • touch

Root tip:

  • see what u can run as root with user g***
  • research about network-scripts
  • use basic linux commands

If you need help, PM me. (please be as clear as possible, when message me. Like, what have you done, where are you stuck, etc.)

I had been guly ,can you help me get the root?

Got user.txt . But cannot open. Any nudges will be great

Another good box.

Favourite box so far. Pretty simple and great first box for a beginner like me. Did user the first night and came back for root two weeks later. Learned a lot and used a few exploits I hadnt previously.

[wrong]

working on how to use c…_a…php and its crontab.
I have understood (maybe i am in wrong) that I should do something in the u…s directory…and suggestion?

I need help with user. can somone pm me and help

edit [Rooted]

So I have run a local server where I used the backup files and linked them together, my exploit seems to be working here, but somehow I cant do this on the machine. anyone willing to help?


EDIT:

I Got a shell on the server! Now trying to get a shell into user.

A little late to the party but I just finished this. I gotta say this was actually one of the more realistic, less CTF-y ones so far! Thanks @guly !

for the initial foothold: Pay close attention to the types of whatever you upload. This took me a while to remember, but this is a straight-up realistic developer error you will come across as a pentester

User: enumerate (but not toooo much), and then read carefully! Also wait.

Root: enumerate (but not toooo much). It’s easy to find it, hard to understand it (for me) - I am still trying to dig through the manual to find why this works

I did not use any enumeration scripts, exploits or bruteforcing/guessing, not necessary!

anyone help me how to get root access i just got user access g***

Got User Flag. Any Hints For Root?