Hint for HELP

whit3sails · January 19, 2019, 10:07pm

@23Y4D said:
I managed to find whatever I upload… but I’m starting to have a feeling it is a rabbit hole…
Sooo… is it?

Same here…thought I could trick it to upload a specific file type but no luck…

daddycocoaman · January 19, 2019, 10:39pm

Revelant.

1t3x55 · January 19, 2019, 10:51pm

Did anyone get code execution?

1NC39T10N · January 19, 2019, 10:55pm

Rooted. Loved the box. Hints:

No brute force is necessary
It is possible to get RCE (hard), but much easier to find creds
You have to partially guess a username

veterano · January 19, 2019, 11:08pm

The N***.JS is the way to go?

jkr · January 19, 2019, 11:15pm

I didn’t need that. But seems others used another path and did need it.

r0tt3d · January 19, 2019, 11:41pm

Ok, so i have been sitting a while trying to get a shell. Could someone PM me so i can find out if my method is not a waste of my time? (Don’t want any spoilers) Cause i feel my method is the way to go.

w31rd0 · January 20, 2019, 12:36am

are we supposed to get creds? cause i seem to be failing on that
also the unauthenticated exploit is not working (maybe modification is needed?)

vanquish · January 20, 2019, 12:37am

Could I get a hint please? Ticket portal or JOSN page?

jkr · January 20, 2019, 12:43am

You can use one or the other. There is at least two ways you can go.

umby24 · January 20, 2019, 12:50am

hints on privesc?

r0tt3d · January 20, 2019, 1:01am

Should i keep on trying different bypass methods for my shell upload or am i wasting my time? Should i try and get a shell in a different way?

Moayad · January 20, 2019, 1:12am

hint for root please

0xEE912 · January 20, 2019, 3:14am

Got half the user… need some tips for finding the rest?

opt1kz · January 20, 2019, 3:36am

@r0tt3d said:
Should i keep on trying different bypass methods for my shell upload or am i wasting my time? Should i try and get a shell in a different way?

I really can’t say too much without spoiling things, but I would strongly advise you to review the code on github. If you look closely, you’ll be very surprised at what you find.

kindred · January 20, 2019, 4:34am

deleted

sh4rkJ4w · January 20, 2019, 4:45am

@opt1kz said:

@r0tt3d said:
Should i keep on trying different bypass methods for my shell upload or am i wasting my time? Should i try and get a shell in a different way?

I really can’t say too much without spoiling things, but I would strongly advise you to review the code on github. If you look closely, you’ll be very surprised at what you find.

That is a good hint

vanquish · January 20, 2019, 6:11am

It seems I bypassed the file extensions upload for my php session, but I have not idea where its uploaded to. Looking through the GitHub I dont see anything.

GrafEisen · January 20, 2019, 6:25am

Took me a while to know I had to time travel, I feel discriminated.

Null0ranje · January 20, 2019, 6:25am

@vanquish said:
It seems I bypassed the file extensions upload for my php session, but I have not idea where its uploaded to. Looking through the GitHub I dont see anything.

Look harder. It tells you where to look if you’re reading the code.