Comments
Hey, I'm pretty new. Could someone please point me in the right direction or give me some hints? Also, the web server is saying internal server error; I'm confused as to whether that is meant to be happening. I would appreciate any hints, just PM me, thanks.
ROOTED!!
Rooted. Finding the seclists.org vulnerability article is the key. You can also achieve root by fuzzing the script parameter, but you will get the shell not knowing why lol
Got user shell thanks to a tip from noi.
Am able to touch a file to make a connection back to me from a dir, but all I get is another apache shell.
Literally no idea where to proceed from this apache shell.
Finally managed to figure out how I got root after getting a shell by accident. Feel free to PM for hints or how the exploit works
I just managed to get root, definitely learned a couple new things with this new box.
@nardin your tip about checking the seclists.org vulnerability was definitely a light spot for me! Many thanks for that.
Feel free to ping me in case of any doubts
Finally rooted, if need help you can send me pm.
pwnd
Rooted my 2nd box.
Tips on root: Don't overthink on the magic words
Spent hours bypassing PHP file upload restrictions. The webserver is executing .png as a PHP file for an unknown reason even though it is an nginx webserver running on CentOS...
Kind of disappointed.
Alright guys at a dead end here as apache user. I'll get to /..r/.../.../... and touch a listener back to my machine which should be run by the script... I get a shell to my new listener but it's also as user apache. So I'm unable to escalate to g---. Any suggestions? I've tried this command off and on yesterday and today, still the shell gives me apache user. So I need help escalating.
Edit, got escalation it was a syntax issue: thanks to Ctc76, Psychoshadw and Noproscp
Props to @madhack for his insanely quick ownership of root
I think for this problem I can upload a PHP img shell but it is always rejected, can anyone help me?
First HTB machine, learning a lot already. I've found the u***** and am able to put something on it but struggling to get shell. Scripts I've attempted don't seem to work. Attempting to use G**8*a.
Any help would be appreciated
Rooted. Learned some new stuff about bash.
Feel free to PM for nudge.
Bloody awesome.. Just got USER... Now on to root.!!
Root! Great box for beginners.
@EvilHacker40 said:
You're expecting a shell to come back as higher privileged than the environment that is executing it - The shell will never be g**** user because g*** is not the one executing it. Hopefully this helps
Can you help me? I'm stuck on user apache. I tried updating the c****_*****.file for opening nc as guly but still the same problem. Any hint?
I AM ROOT..!! What a pleasure.
Got USER and ROOT. Worth it.
Phew, just before this machine retires.!!
for ROOT: Google.
I'm stuck on user, what to do with the crontab service? Need help ASAP
Hello, I'm in need of a little nudge regarding user. I've gotten my initial shell. Found the file to exploit, I know how to inject and why it works. I can run basic commands and navigate the directory structure, but for some reason it refuses to execute my reverse shell.
PM appreciated, I can explain in more detail what I'm doing.
EDIT: got user, took a detour
And rooted. Fun box. Learnt a bunch of stuff about bash.
cerbersec.com
Stuck with root~~ c****n**e.s*.
Can anyone help?
> @PhoenixSlasher said:
> @EvilHacker40 said:
>
> (Quote)
> You're expecting a shell to come back as higher privileged than the environment that is executing it - The shell will never be g**** user because g*** is not the one executing it. Hopefully this helps
It worked with me, dunno why.. maybe someone already did something that made it work?
If there's more to explain that would be a spoiler, please PM
UPDATE: ROOTED
I have just got the apache web server shell and for some reason I can't change directories, I am stuck in the uploads directory. Any help would be appreciated
> @BakedBinJuice said:
Sometimes you just need "a better" shell.
cerbersec.com
The upload detection isn't (that) stupid, make sure you're at least sending a real picture. Rule of thumb: don't send it if you can't open it in an image viewer (no matter how distorted it looks)