Networked

First HTB machine, learning a lot already. I’ve found the u***** and able to put something on it but struggling to get shell. Scripts I’ve attempted don’t seem to work. Attempting to use G**8*a.

Any help would be appreciated :smiley:

Rooted. Learned some new stuff about bash.

Feel free to PM for nudge.

■■■■■■ awesome… Just got USER… Now on to root.!! :slight_smile:

Root! Great box for beginners.

@EvilHacker40 said:

Alright guys at a dead end here as apache user. I’ll get to /…r/…/…/… and touch a listener back to my machine which should be run by the script… I get a shell to my new listener but it’s also as user apache. So I’m unable to escalate to g—. Any suggestions? I’ve tried this command off and on yesterday and today, still the shell gives me apache user. So I need help escalating.

Edit, got escalation it was a syntax issue: thanks to Ctc76, Psychoshadw and Noproscp

You’re expecting a shell to come back as a higher priviledged than the environment that is executing it - The shell will never be g**** user because g*** is not the one executing it. Hopefully this helps :slight_smile:

can you help me, im stuck on user apache, i had try updating the c****_*****.file for opening nc as guly but still same problem. any hint?

I AM ROOT…!! What a pleasure.

Got USER and ROOT. Worth it.

Phew, just before this machine retires.!!

for ROOT: Google. :wink:

i m stuck in user ,what to do with crontab service need help asap

Hello, I’m in need of a little nudge regarding user. I’ve gotten my initial shell. Found the file to exploit, I know how to inject and why it works. I can run basic commands and navigate the directory structure, but for some reason it refuses to execute my reverse shell.

PM appreciated, I can explain in more detail what I’m doing.

EDIT: got user, took a detour :smiley:

And rooted. Fun box. Learnt a bunch of stuff about bash.

struck with root~~ c***n**e.s.

can any one help?

Type your comment

Type your comment> @PhoenixSlasher said:

@EvilHacker40 said:

(Quote)
You’re expecting a shell to come back as a higher priviledged than the environment that is executing it - The shell will never be g**** user because g*** is not the one executing it. Hopefully this helps :slight_smile:

it worked with me, dunno why… maybe someone already did something that made it work?
if there’s more to explain that would be spoiler please pm

UPDATE: ROOTED

i have just got the apache web server shell and for some reason i cant change directories i am stuck in the uploads directory. any help would be appreciated

Type your comment> @BakedBinJuice said:

i have just got the apache web server shell and for some reason i cant change directories i am stuck in the uploads directory. any help would be appreciated

Sometimes you just need “a better” shell.

i think for this problem i can upload php img shell but always reject, anyone can help me?
the upload detection isn’t (that) stupid, make sure you’re at least sending a real picture. Rule of thumb; don’t send it if you can’t open it in image viewer (no matter how distorted it looks)

Pm me if you need help and if anyone understand the m*****r.sh can pm me? Thanks
Gotten root thanks to the people here

is it possible to exploit the → exec(“rm -f var”) somehow ? like running rm from my folder?

Type your comment

Hoping someone can help me out here. I have a low priv shell but having a hard time figuring out what I need to do for user. I have read all the comments and nothing seems to be working for me. I think I know the directory (or directories) that I need to “touch”, but so far I’m not “touching” it in a way that seems to be working. Just need to know if I’m on the right path or not… please PM me or we can talk on Discord if you’re willing to help. Thanks!