Aragog

This box is driving me crazy!!! :lol:

so… I have access as the 1st user… i see a file that runs periodically but I can’t read it…
I’ve covered all the points previously mentioned afaik…

Still stuck :confused:

I would appreciate a gentle nudge via PM
but no direct spoilers please if anyone does reply.

Thx

Finally got root…
I can’t believe I missed the clue right in front of me.
#stillanoob :lol:

Hi guys
i managed to get user flag without a shell
any advices on how to get a reverse shell?
Any help really appreciated

Found two files but I’m not sure if its the files that everyone is mentioning.
Would love it if someone could PM me so I can check!

I’m so lost with privilege escalation… I got into the mysql database, found something that one user said, but still nothing. I don’t see what else I’m supposed to do here. Any tips would be greatly appreciated. PM if you like. :slight_smile:

Hey guys, struggling with the privilege escalation for a couple of days ,and looking for a life line. I’ve got a hash from the WP-> DB, and tried cracking it without success. I was looking around as one user for anything odd, and nothing is jumping out to me when running LinEnum.sh. Anyone available for a DM to help me get on the right path?

I found two potentially interesting files, and been reading over the OWASP top 10. Only found one thing that could potentially be it, but I’m not sure how I’d leverage it. Could someone PM me to discuss if I’m on the right track?

Can I run some code by someone via PM? I know what to do, I thought I knew how to do it, but it’s not working and it’s driving me nuts.

I know what is happening inside the wp directory, but I cant seem to find the conversation between the users. Any one have any other hints?

@czvx look for the conversation using the web browser :-).

found the OWASP thing mentioned here, but have no idea on how to use it.
PM please

nvm, got it

@owodelta said:
found the OWASP thing mentioned here, but have no idea on how to use it.
PM please

This is indeed a tricky one. When I got a nudge, everything became simple, till root. The key thing is how to submit the payload.

@macw141 said:

@owodelta said:
found the OWASP thing mentioned here, but have no idea on how to use it.
PM please

This is indeed a tricky one. When I got a nudge, everything became simple, till root. The key thing is how to submit the payload.

I figured out what happens with the content of the files (what happens if you submit it and what is returned).
but can not get an idea how to move that a step forward.
i need that moment of enlightment

@w31rd0 said:

@macw141 said:

@owodelta said:
found the OWASP thing mentioned here, but have no idea on how to use it.
PM please

This is indeed a tricky one. When I got a nudge, everything became simple, till root. The key thing is how to submit the payload.

I figured out what happens with the content of the files (what happens if you submit it and what is returned).
but can not get an idea how to move that a step forward.
i need that moment of enlightment

Look what is displayed on the screen. Imagine how the application works and how output changes when you send input. It will quickly become clear how you need to format your payload.

@macw141 said:

@w31rd0 said:

@macw141 said:

@owodelta said:
found the OWASP thing mentioned here, but have no idea on how to use it.
PM please

This is indeed a tricky one. When I got a nudge, everything became simple, till root. The key thing is how to submit the payload.

I figured out what happens with the content of the files (what happens if you submit it and what is returned).
but can not get an idea how to move that a step forward.
i need that moment of enlightment

Look what is displayed on the screen. Imagine how the application works and how output changes when you send input. It will quickly become clear how you need to format your payload.

I understood how the initial input is converted and displayed.
The part i am struggling is how to change the functionallity to something else (and if that is possible :stuck_out_tongue: )
although i haven;t done a lot of testing on it yet…

Hey guys,
I have found two files and I have seen the top 10 of owasp but I don’t see any relation. An hint please?

@ska said:
Hey guys,
I have found two files and I have seen the top 10 of owasp but I don’t see any relation. An hint please?

Best advice I’ve seen is what is the format of the t*.* file… and how can you use that with the other one.

@sk2k said:

@ska said:
Hey guys,
I have found two files and I have seen the top 10 of owasp but I don’t see any relation. An hint please?

Best advice I’ve seen is what is the format of the t*.* file… and how can you use that with the other one.

Yes, I have seen that file, and now I have user :sweat_smile: , thanks!

Got RCE. Any pointers to get a shell. SSH creds would be good but cant find nothing. Got user names. Is it a brute force ssh?