Aragog

j4v40n654n · May 22, 2018, 2:05am

@Rayvenhawk said:
Ugh! So I’ve conceded that I’m stuck on this one, so I found the 2 files but I’m stuck on exactly how they relate or even how to put them together. Anyone care to shed some light onto what I’m overlooking? I’ve looked at the OWASP Top 10, but none of them popped out at me that screamed “Hey look here!!!”.

Did you notice the file format? Try matching it with OWASP Top 10.

panikode · May 22, 2018, 6:12pm

Grabbing root.txt on Aragog is dead until the next reset and it’s my fault. I changed something too early and didn’t think about the consequences

P0ckL1ck3r · May 23, 2018, 5:50pm

I need some guidance, I have the two files, have read over the OWASP top 10, still not making a connection. Can someone PM me with some hints please

HCF · May 26, 2018, 11:10pm

Rooted… PM if anyone need a hint

breakingthings · May 26, 2018, 11:26pm

Spoiler Removed - Arrexel

P0ckL1ck3r · May 27, 2018, 4:03am

I got user.txt without shell, but im stuck on how to get shell

P0ckL1ck3r · May 27, 2018, 6:30am

Got shell, working next steps

Sh311c0d324 · May 29, 2018, 12:21am

Someone willing to PM? Still haven’t figured out what to do with these files. Tried dirbuster, dirb, nmap, etc… Read OWASP top 10. Nothing is of value so far. Any nudge in the right direction would be much appreciated…

Sh311c0d324 · May 29, 2018, 8:19pm

Rooted

Waffles · May 31, 2018, 2:13pm

I have a shell but im semi-stuck on the priv-esc. Anybody feel like helping me?

Almidar · June 3, 2018, 9:32pm

Any hints on getting actual shell or atleast RCE? I managed to get user flag through that owasp top 10 exploit and LFI but am kinda stuck now, google wasnt too helpful either this time

renorains · June 4, 2018, 8:41am

This priv-esc is driving me crazy… so many information collected (processes, automated processes, blog, folder tree particularities), so many rabbit holes followed and … I am starting back from scratch, what am I missing? is this that obvious?

Espy · June 4, 2018, 3:01pm

@renorains said:
This priv-esc is driving me crazy… so many information collected (processes, automated processes, blog, folder tree particularities), so many rabbit holes followed and … I am starting back from scratch, what am I missing? is this that obvious?

I’m in the same position. It feels like I’ve gathered all the info I can and just can’t fit the pieces together.

3lpsy · June 6, 2018, 10:33pm

Correcting a few of the hints for user. People are mentioning two files. One is a file. The other is sort of a file. It’s not something you can download or put on your system. Without giving it away, think about what you can do with these types of things given the protocol. Then consider what else you have. After that, Owasp Top Ten 2017 should reveal the path. Also, don’t be so committed to getting a shell. Think about what you can do once you’ve found the path.

huwwp · June 7, 2018, 3:13am

Spoiler Removed - Arrexel

anakein · June 7, 2018, 6:01am

I need help, I have the user, but I can not do a pivoting. PM Please

leorac · June 9, 2018, 5:10am

Just rooted this machine. I’ve learned a lot but is a very strange asset! PM if you need

leorac · June 9, 2018, 5:12am

@penumbra said:
Anyone got a hint? I’ve mysql admin, wp admin, I can see there’s a script running that restores the folder every five minutes but I can’t see how to interrupt to get myself a root shell…

don’t think about the script. Think about the admin that is constantly logging in… like it was a real person. What should you do to steal his password?

moloshy · June 9, 2018, 9:17pm

Anyone available for a PM to help with privesc? I have all the pieces to the puzzle, and know what needs to be done to get root. However I’m not sure which utility / script could be used. I’m right there my commands just need some fine tuning