Can anyone help me? I am stuck after finding files in f*p. Didn’t get any login till now.
Logged in to a******.p** and now I get the error: open_basedir restriction in effect. Unable to open file. Any hint on how to resolve this is appreciated.
@s1lv3rst4r said:
Can anyone help me? I am stuck after finding files in f*p. Didn’t get any login till now.
Read them and see how they relate to the live ones. Then it might give you the idea to look for other files in a new location.
Root Dance~ feel free to PM me with what you know and I can give you some nudges
@CSN said:
Logged in to a******.p** and now I get the error: open_basedir restriction in effect. Unable to open file. Any hint on how to resolve this is appreciated.
Do go for the homerun, go the first base!
Can someone give me a hint on the snake method for root? I know which one to use but there’s something I don’t understand…
FINALLY! I have root. Nice box. I’ve learned a lot on this box.
Anyone care to help with the last step (hopefully…) to user - I found the page and tried to get it to connect to my db, but I’m probably doing something wrong with the setup.
@trevorphillips said:
Anyone care to help with the last step (hopefully…) to user - I found the page and tried to get it to connect to my db, but I’m probably doing something wrong with the setup.
What did u do to config?
Crazy box… Makes you wanna break ur head but ull learn a lot… Thanks to @dinosn for the tips… Feel free to ping me for nudges
Waouw what a pain!!!
Finally rooted after days on it.
Probably the hardest box I have done.
I think the difficulty is that avoiding rabbit holes and detecting every little detail comes with a lot of experience.
That is the hardest part to learn in pentest, not a special technique that you can learn but lots of practicing that makes you “feel” the right spot.
Anyway it makes me learn a lot of things about myself and probably increases my skills.
Thanks @polarbearer and @GibParadox for the box.
Feel free to PM for nudge.
Error in query (2000): open_basedir restriction in effect. Unable to open file
I am using that rogue guy as local server, but I am always getting this message, is that normal?
Edit: just rooted
Such a great Box. (:
@rnshkkj said:
Error in query (2000): open_basedir restriction in effect. Unable to open file
I am using that rogue guy as local server, but I am always getting this message, is that normal?
Hi, other people gave the answer on the forum.
So, maybe you have this message because you are trying to open a file that you don’t have reading rights for
Is it necessary to do a reverse shell from the snake, or is there a way to spawn a shell directly from within sh****.p*?
Hello guys. For foothold, how to figure out what file to read after the exploitation? Is it something that I had to know from the enumeration? Or something else? Thank you!
Just popped root :). Wow! What a fun box!! Outstanding work to the creators!!
User: I use ffuf for dir fuzzing, for this box you definitely want to look over all the options of ‘-h’ and look for other ones that might be useful when brute forcing.
Root: This took me longer than it should have, read the man pages for sudo and python and also pay attention to what permissions you’re allowed.
Hey guys, stuck after f** login. Could anyone please pm me some nudges? Thank you
@roman1 said:
Hey guys, stuck after f** login. Could anyone please pm me some nudges? Thank you
Extract and compare to live
I have mixed feelings about this box. Getting a foothold was painful but at the same time introduced me to some new fuzzing tools and some very helpful nudges. To get the user, it is possible to join the dots through the various files that are discovered during enumeration but only if you are aware that the admin tool that everybody probably knows is being superseded by the one used on this box. Getting the user after that was common sense if you remember that what appears to be used for access to one part can also be used to access another which seems to be quite common across a lot of the HTB boxes.
My favourite bit undoubtedly has been the escalation to root. The sense of satisfaction of getting root was amazing. I thought I knew straight away how to get there until I realised that the permissions had been set in such a way that it wouldn’t be possible. Thanks to google and a couple of very good articles, I have a better understanding of the paths the snake takes and how you can make it go down paths that you want it to. The elevator can help with a key to ensure that things stay as needed so your exploit calls home. I wouldn’t say this was an easy box but does teach that as you gather each piece of information you need to enumerate everything again as additional bits can appear from one step to the next.
Thank you @TazWake and @killerhold for the nudges very much appreciated.
I just got a user.
It was not so easy.
I think this box should have a medium rating.
Hint for user: if you’re not comfortable with MySQL, you can read this article:
https://www.hackingarticles.in/penetration-testing-on-mysql-port-3306/
Hope this is not a spoiler
Now for root…