Sniper

Stuck after initial shell. I found some creds in PHP files but not sure how to access the DB from the restricted shell.
I am thinking runas could be the way forward but would need creds for the Ch*** user, which I haven't found so far.

Need a nudge please… PowerShell noob. DM me.

Struggling to get the user shell for a day. Found a valid cred and user. hmm
edit: NVM. After taking a good sleep, everything worked as expected. Now on to root!

edit2: stuck on the final step onto root… I’m poking at c** for a while with no luck.
Any nudge appreciated.

Edit3: I think I’m seeing the way.

Can anyone help me with exploiting RFI in initial foothold? Tried all methods I know but nothing works. Please, write me via PM.

@Dreadless said:

So I am stumped. I am trying to get initial shell. I can read files from my machine easily enough but the minute I try a PHP file I get "sorry page not found". Can someone lend a hand?

EDIT: I have just been reminded about Windows Defender… ■■■■■■ Windows!

Hi, could you give me a hint on how you got anything from your machine to render?

I seem to be getting a not found with any file I try, even a basic txt file.

Cheers

Hi, I am also stuck at the beginning. Tried manual LFI (wrapper, expect, php, input) and also Kadimus and LFISuite. No success so far :(

Hi guys… Been trying this box for a few days, still stuck on trying to get user… Basically I found a way in, am able to run some commands, but can't think of a way to get a shell… Can anyone help?

Thanks

Hi guys, any idea how to inject a payload into the c** file to get root?

Finally rooted!
Big thank you to @MinatoTW and @felamos for creating this challenge :D!
What a journey!

Also a big thank you to:
@parteeksingh, @noob2sec & @rholas for your help in me getting over the line.

(I need sleep) lol

Rooted!

Thanks to @HAL9000B

Rooted!
Thanks @MinatoTW and @felamos ! Very realistic machine!!!

Ok, I give … can someone help me with the final step of rooting this box? I have tried a number of tools to craft the file and then use it, but something is not clicking as I am not getting the output that I expect. Can anyone help me clarify or troubleshoot what I am doing wrong?

Hi, guys! Can you help me with a reverse shell? I can execute files remotely, but can't find a script to obtain access by User. I tried a lot of things, but nothing works. PM me if you want.
EDIT: Got the shell, but now can't escalate privileges.

I am stuck, guys, on getting user. I got c**** pass but I don't know how to switch user from i*** since runas is not working.

I am stuck at the initial foothold, can you please PM me… I am using a tool by Im****et to help me get a shell but it seems to error out when it receives the connection.

I am stuck at initial foothold for a few days. I think I know where the RFI page is, but I am not able to get anything. Please give me some hints, many thanks.

Wow, finally rooted… feel kinda stupid due to my own lack of attention to detail. Thanks for the box!

Nice box!

User:
Enumerate the web, find the vulnerability and investigate how you can execute code.

Root:
As others have said, listen to the boss. Enumerate and see what kind of files there are and what you can do with those files.

Can I have a hint for root?

I’ve tried several big lists of payloads to find the f on the parameter that can be changed, but I’ve had zero luck…

edit: got a shell and a couple of credentials, but not the ones for the user I need to become.
Is there a password reuse?

Got root!! Was a pretty hard challenge. If you need help, PM me ^^