I’m not very familiar with this service, not sure where to query. Found the h***th page that confirmed the service on the backend but not sure how to proceed.
Edit: Nvm, it appears I DIDNT REALIZE THE IMPORTANCE OF A SLASH. God that is so annoying, since when did slashes at the end of a URL matter?
Thank you I already went by it thinking someone else uploaded it or so whatever.
Got it, root was clear and very enjoyable, read the docs and you should get it. user was more difficult becouse a little bit guessing and timing was necessary.
Can anyone give me nudge? first box here. Using A** C** but running into a security token issue after inputting conf a*****ID. Thinking I need to input to a*s to be able to add to enter through remote?
Can anyone give me nudge? first box here. Using A** C** but running into a security token issue after inputting conf a*****ID. Thinking I need to input to a*s to be able to add to enter through remote?
You need to run the configure command for that tool. The actual values you select don’t seem to matter.
Hi guys I’m a little far from getting webshell
I found DyB Ja*** sh** and now I can create bus and obj but when I try to inject a ph* payload in the clo**.png in bu****.*** host, It still plain text and not executed…
Can someone help me plz.
I own user, but I struggle for port forwarding.
I dont want to spoil, so can someone pls write me in pm for helping me with port forwarding?
Thx that would be cool
I’m looking to trigger my reverse shell (.jsp/.php) after planting it in /a******* or /a*******/im****/ by navigating to it in the browser, but I’m continuously prompted to just download the file (rather than run/execute the payload).
Did you all trigger your non-Dy****** J*** shell this way for the foothold? Or do I need to keep reading through the documentation?
I’m looking to trigger my reverse shell (.jsp/.php) after planting it in /a******* or /a*******/im****/ by navigating to it in the browser, but I’m continuously prompted to just download the file (rather than run/execute the payload).
Did you all trigger your non-Dy****** J*** shell this way for the foothold? Or do I need to keep reading through the documentation?
Pretty much that way. I’d double check what your reverse shell is trying to do.
The only other challenge I can remember what being quick enough that the script didnt get eaten. I found scripting the upload and the request to the file launching the reverse shell worked best.
I am able to read arbitrary files as root and I have the root flag but I haven’t been able to figure out how to get a shell. I have a hash but wasn’t able to crack it. Can someone PM with a nudge?
I just started this box and found what it looks like a shell url, but when I try to visit it with the browser it redirects to like a url with the next structure {id}:{port}/{path_shell} and I can’t open it… Any hint on this?
Rooted. It was an interesting box, learnt some new techniques
Good medium box, took a lot of research to familiar with the tools been using in this box
PM me for nudges if you guys need it
i am stuck with the pdf file.
i am not able to read or decode it.
can anyone provide me the hint.
coz its the last step where i stuck in after decoding it i will be able to have root access of the bucket successfully