Spent hours bypassing PHP file upload restrictions. The webserver is executing .png as a PHP file for unknown reason even though is a nginx webserver running on CentOS…
Kind of disappointed.
Alright guys at a dead end here as apache user. I’ll get to /…r/…/…/… and touch a listener back to my machine which should be run by the script… I get a shell to my new listener but it’s also as user apache. So I’m unable to escalate to g—. Any suggestions? I’ve tried this command off and on yesterday and today, still the shell gives me apache user. So I need help escalating.
Edit, got escalation it was a syntax issue: thanks to Ctc76, Psychoshadw and Noproscp
First HTB machine, learning a lot already. I’ve found the u***** and able to put something on it but struggling to get shell. Scripts I’ve attempted don’t seem to work. Attempting to use G**8*a.
Alright guys at a dead end here as apache user. I’ll get to /…r/…/…/… and touch a listener back to my machine which should be run by the script… I get a shell to my new listener but it’s also as user apache. So I’m unable to escalate to g—. Any suggestions? I’ve tried this command off and on yesterday and today, still the shell gives me apache user. So I need help escalating.
Edit, got escalation it was a syntax issue: thanks to Ctc76, Psychoshadw and Noproscp
You’re expecting a shell to come back as a higher priviledged than the environment that is executing it - The shell will never be g**** user because g*** is not the one executing it. Hopefully this helps
Hello, I’m in need of a little nudge regarding user. I’ve gotten my initial shell. Found the file to exploit, I know how to inject and why it works. I can run basic commands and navigate the directory structure, but for some reason it refuses to execute my reverse shell.
PM appreciated, I can explain in more detail what I’m doing.
EDIT: got user, took a detour
And rooted. Fun box. Learnt a bunch of stuff about bash.