@w4nd3r said:
I had a feeling you could get in through www-data… I dropped it and found the intended method. I would love to come back and learn that someday though.
Still stuck here with www-data and neither can move ahead nor behind… 
Any idea where to start to look? What’s this “Intended Method”!
@briyani said:
@w4nd3r said:
I had a feeling you could get in through www-data… I dropped it and found the intended method. I would love to come back and learn that someday though.Still stuck here with www-data and neither can move ahead nor behind…
Any idea where to start to look? What’s this “Intended Method”!
the Goal clear anyhow get a root flag. all way are correct but only one condition is anyhow u ll managed the root access…
enumerate system …and also take a look of exploitdb priv esc section…
@Agent22 said:
@briyani said:
@w4nd3r said:
I had a feeling you could get in through www-data… I dropped it and found the intended method. I would love to come back and learn that someday though.Still stuck here with www-data and neither can move ahead nor behind…
Any idea where to start to look? What’s this “Intended Method”!
the Goal clear anyhow get a root flag. all way are correct but only one condition is anyhow u ll managed the root access…
enumerate system …and also take a look of exploitdb priv esc section…
Got it. It was right infront of my eyes the whole time. Thanks @Agent22
Did anyone else get the issue ‘Failure copying from /proc/self/cmdline’ when exploiting proftpd? I can’t find anything on google that resolves this issue. I am running as root too.
Okay, this box is extremely easy. However, it is a box that can cause some serious overthinking. This box does not require exploitation nor does it require a shell to be uploaded. Everything you need is there for the taking. In a way, it’s an information jigsaw puzzle.
Think information reuse.
When it comes to priv-esc, think what you would normally do on your machine running Linux.
@HackedComputer Thanks for the heads up with this machine! I was way over complicating it! Thanks again dude. Finally got user and root.
As I scroll through the forum and look at the posts in this thread I see lots of www-data is a no-go
A question spawns in my head… Do I need to be local inside the system?
Or is this intended method a remote exploit?
;-;
@PinkPanther said:
As I scroll through the forum and look at the posts in this thread I see lots of www-data is a no-go
A question spawns in my head… Do I need to be local inside the system?
Or is this intended method a remote exploit?
Refer to my post.
If someone has a complex password, what are they likely to do? Where would you find valid usernames on this web application that can be tried on a secure administration protocol? How would you go about elevating privilages on your own system?
@HackedComputer your previous post was ok, but with your last post you are spoiling too much!
man I feel really stupid… I cant figure it out Ive had www-data shell for 3 days now and ive tried tons of RCE’s and enum of privs ive even tried local exploits xD they usually end in kernel panic ive been staring at this minecraft folder for days as well but I know nothing about minecraft can anyone shape my mind in the right direction im dying ;-;
HAHA I DID IT ■■■■ SO SIMPLE
WAYYYY OVERTHINKING
it take 2 days for me to get root, privilege escalation on this machine is so very very cloooose after you get a user’s access, good luck
Fucking briljant if you solve it, you smash your head through the wall 
Help please, I am stuck can some please give me a pointer I can see the user.txt but can’t cat it, I can see the Minecraft folder, I have only been hacking a year and could really do with just pointing in the right direction, share the love fellow H4C3R5
lol meant H4CK3R5 !!!
@DeeBee said:
lol meant H4CK3R5 !!!
You can send me a PM ;D
Hi all. Those of you who did not follow the intended way, how did you get in as www-data?
To get in as www-data is easy. With the password obtained from the .jar file you can login to phpmyadmin and change or crack notch password. Then you can use metasploit (exploit/unix/webapp/wp_admin_shell_upload exploit) to upload a php-shell as www-data.