CrimeStoppers

Could anyone point me in the right direction in regards to looking for the initial entry point? I can send you what I have so far over PM to avoid spoiling it for others!

@druid there is a way to read source files with some tweaks.
check this “https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion%20-%20Path%20Traversal

Thanks @kamalawy, I’m struggling to even find the right parameter :anguished:. Guess I’ll just keep poking at it, but feeling veerrry lost with this one.

@kamalawy said:
@druid there is a way to read source files with some tweaks.
check this “https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion%20-%20Path%20Traversal

all I get is a comment over 90s

@macw141 said:

@kamalawy said:
@druid there is a way to read source files with some tweaks.
check this “https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion%20-%20Path%20Traversal

Have it, great tip! Thanx! Did not try earlier this way.

I think this is my favorite htb… great box all around

I did not get priv escalation till now, i found some files that talks about malicious plugin, but could not figure out how to use it. any hints/articles will be appreciated.

Keep getting “No such page”. It seems like I’m doing everything right, obviously not though. Could use a hand if someone else had the same issue.

know how to read the files, but can not leverage this to execute something. can someone pls pm me?

@vulture said:
know how to read the files, but can not leverage this to execute something. can someone pls pm me?

Everything you need is already posted here.

Spoiler Removed - Arrexel

@jeba17 said:
Spoiler Removed - Arrexel

You are spoiling.
BTW - did you consider that someone else used what you are trying to use?

sorry by the way . I explained more on my way to priv esc it seems.tried my message as non spoiler as possible.

Could I pm someone on privesc, just a small question.

Could use a hint on privesc from user to root. Can anyone push me in the right direction? I think I know its the localhost thing, but it’s a custom version it seems?

I would definitely not call this machine fun but probably the most informative one I have done so far. Anyone struggling can pm me and I will try to help.

Got root, nice machine. The most fun was getting user. From there it requires some skill, if you know ippsec video’s you should know what to do from there.

Wondered if someone can help.

I’ve read the code and figured out where the uploads go but can’t get them to execute/

Tried editing the html code to change my upload … Which failed so suck tinkering trying to change the POST upload via proxy/command…

Could someone assist with the synatx if poss?

Hey guys ! In ippsecs walk through on youtube my cmd.php file is exactly the same as the ippsecs but when I base 64 decode the zip of it , the output is different, and pasted into burp it is different. Could my zip encoding be different ? Im running a very update version of Kali since the box was retired. Could that be why I cannot get code execution?