Aragog

Hi here,
I’m really stuck on the first shell for this one, even if it’s supposed to be an “easy” one …
I got the user with LFI, but I’m not able to get a shell … I’ve tried bind access to some files, but I got nothing … (except some regular conf file from a database :/)
Any hint for me ?
Thanks

@HomardBoy there is an interesting article titled when all you can do is read.

Should point you in the right direction

anyone mind shooting me a PM about putting “together” the two files?

Hint in this topic.
Priv-Esc: have patience.

Can anyone PM me the hint for priv esc? Thank you

I’m stuck at priv esc, managed to get DB creds then Admin creds but I can’t connect to the admin dashboard because when I click login, it redirects to the URL : http://aragog… and firefox returns that the server was not found and modifying the request etc with Burp doesn’t work
How can I fix this ?
And if anyone could pm to give me some hints ?
Thanks

@Az3K said:
I’m stuck at priv esc, managed to get DB creds then Admin creds but I can’t connect to the admin dashboard because when I click login, it redirects to the URL : http://aragog… and firefox returns that the server was not found and modifying the request etc with Burp doesn’t work
How can I fix this ?
And if anyone could pm to give me some hints ?
Thanks

1- Might be useful to understand how name resolution worked in the times before the internet.

2- Think what you can do with the information you already have. :wink:

Been on priv esc for a while now, edited my hosts to include aragog, I know about the files I can edit. I also see the things being run every little bit. Can someone PM me for a hint?

I suppose I have edited the file but I am not able to get creds for admin page… am I missing something?

Need help with privesc. I found DB creds, got admin’s hash, couldn’t crack it. Then saw the login script running, changed a file a bit and got admin’s password, however I can’t use it to log into wp, and, even if I wanted to, I could just bypass login. It is also not valid to su in c…f or root, and it’s not f…n’s password for sudo. How should I proceed? From the hints above it seems like I should get c…f shell but I have no idea how and I don’t know where to use the password.

any nudge on how to edit the -. file?
have 0 experience with php and can’t elaborate something

Hey guys I need help! I have been enumerating with dirbuster but nothing!!! ONLY FOUND FTP FILE AND NO OTHER ‘FILES’!! I know this should be an easy access to the machine but all I see on http server side is a default apache2 page! PM me I need help finding ‘second’ file.

For PE, edit something, 1 line in PHP, but you have to know where to do it first.
The hint for PE is shown in paragraph 2.

Finally, I got root.
Learned a lot from this box :slight_smile:

Found 2 files. I am thinking about that possible method in the OWASP Top 10 2017, but I am getting a permission error. Is it normal, or am I going the wrong way?

@dmknght said:
Found 2 files. I am thinking about that possible method in the OWASP Top 10 2017, but I am getting a permission error. Is it normal, or am I going the wrong way?

check the syntax of the file

@n01n02H said:

@dmknght said:
Found 2 files. I am thinking about that possible method in the OWASP Top 10 2017, but I am getting a permission error. Is it normal, or am I going the wrong way?

check the syntax of the file

I cannot replace the file :smiley: I’ve pressed the reset button and hope it will work. I am trying with the “not http service” file :smiley:

I do not know how to say without a spoiler))) you have to make the right request to Spoiler Removed - Arrexel

I think it is a spoiler, but it is actually helpful. Thanks. I’m gonna die in this “not http service” hole without you.

Rooted this box. I think getting root’s flag is CTF-like.

  1. For the foothold step, using dirb and a common wordlist is enough. You must look at dirb’s options and add an extension to find the file name. Exploitation in this step is very easy, but finding the way to exploit it is hard (for me). Top 10 OWASP 2017 is a hint. Thanks to @n01n02H for helping me.
  2. Getting a shell is not very hard if you exploited it successfully. This step is kinda like the Valentine box.
  3. Cracking that blog panel is not really necessary if you know what to do next. Everything comes down to enumerating processes. The hint is: You must know what is running inside the box. You must “snoop on processes without need for root permissions”
  4. The next step is fun, but I think it is unrealistic. I cheated a little bit because I used a script on the box, edited it and owned the password. If you did step 3 perfectly, you will know what to do in this step.