I’m still having problems with this box… I’ve reset it a couple times, still the issue persists.
I logged into the website, and I’m trying to edit files to gain a shell, however, it will not let me update any php files, whether in the theme editor or if I try to edit plugins. I keep getting this error:
“Unable to communicate back with site to check for fatal errors, so the PHP change was reverted. You will need to upload your PHP file change by some other means, such as by using SFTP.”
My research has shown that the issue is usually caused by plugin conflicts, or editing other setup/config files… However I’ve not edited anything, and plugins are deactivated by default. I even had a friend start the box the same time I did, they rooted it, and I’m here stuck with errors. Super frustrating knowing what and how to do what I need to do, but not being able to because I don’t know how to get around this error. Never had an issue before when it comes to editing a WP file to gain shell access…
Any help would be appreciated…
Find my post here, it has a hint on what you are struggling with
PM if it feels too cryptic
I SSH'd into the box as k*** with a found password, I got directly into root, my guess is that that's not the intended way, please don't break the machines too much :neutral:
Enjoyable box. I did go for a simple, “automated” path to foothold because I was really frustrated after a day failing to get anywhere on tentacle, but it does look like there are a few ways to get a foothold which is pretty cool.
Privesc was nice and you don’t see it very often here but google is your friend.
Rooted! Nice box, spent too much time in the foothold part, I felt so stupid when I realized that what I needed was literally under my nose.
Did manage to get a shell without M*F but with a “classic” approach (google is your friend).
For user, I initially overlooked the output of the enumeration tool, but with a deeper look spotted what I needed.
Root part is easy but I learned something new that I didn’t know.
Finally rooted! Great box. Took me some time for user due to the unusual OS but the green vegetable did help. Path to root was new to me. Probably easy to someone who is familiar with these functionalities. Unfortunately it looks like someone already put up an indirect writeup for root on the net (it doesn't say so explicitly but the screenshots are kind of an obvious giveaway) and using Google will show it as one of the first hits.
Unfortunately yes, I fell into this trap, but I don’t consider it as “cheating”, because the article explains how the privesc works. I would have learned something
I guess it is a bit of a greyish area in this particular case. It is similar to looking up things in e.g. gtfobins.
Rooted
Thanks to @egre55 for this box. Learnt new stuff and definitely put my programming skills to good use
Foothold
So, you know what it is. Look in every crack and hole. You need to get the interesting thing in a specific place.
User
Just more of the same, read everything, your usual enumeration.
Root
Actually pretty fun to be honest, new for me personally.
See which groups you’re in and check what kind of files you can play with.
Do your usual enumeration and once you put the pieces together and find the files to play with, play with them, but be quick. You don’t have all day.
Once you realize a way to execute commands you’ve basically got endless ways of escalating privileges.
My DMs are always open for nudges or discussion about the machine
Hi senpai, if anyone could help, as I still couldn't get a foothold after a day of attempts. I know there are some directories open on “/testing”, application version, SQL credential, plugin name. But none of it works, especially the RPC.
Getting the foothold is much simpler, given that you already found credentials…
Whenever you get credentials, think of the possibilities… Not all keys open their locks, some open others’
I can't connect to any website in HTB, please help me guys. The error when using Chrome is dns probe finished nxdomain, and when using Firefox the webpage doesn't open. Please help me, I am new here, this is my second box.
Have you added the domain name to your hosts file?
Yeah buddy. Hahaha. Foolish of me… I tried other methods of authentication instead of the objective’s authentication. I got it now. Thank you @imClara @Galapag0s @sicario1337