Hint for HELP

FlewManChew · June 1, 2019, 1:39am

does anyone know what this message means ?
WARNING: Failed to daemonise. This is quite common and not fatal. Connection timed out (110)

this is the message i get while i link to the shell i’ve uploaded… and it’s not connecting back to my listener…

can anyone help please?

edit: oops… i’m an idiot… firewall. duh.
thanks for helping a newb like me guys… much appreciated!
if anyone needs a push in the right direction i’ll be willing to help! just pm

v01t4ic · June 1, 2019, 2:47am

Type your comment> @xyzxyz said:

Please someone PM me “File upload is not allwoed”??? isn’t that supposed to be the way or did i miss something here?

Are you sure system tells you the truth?

0x16 · June 2, 2019, 2:01am

Hi all,

This is my second machine, just after advise on how I should start this machine off. Just an application name I should look into, just so I can enhance my learning. PM me please.

HF

woodp3ck3r · June 2, 2019, 1:35pm

This is the first machine that I do in HTB. I was a lot confused with this machine. But It was very funny.

jacknife · June 2, 2019, 1:39pm

finally rooted, I agree that the User part was waaay harder and misleading… deff check the source-code of the app from GitHub

root was EZ

sh0wa · June 2, 2019, 1:42pm

Rooted!
Pretty straight forward, im still confused if i really needed the cred from g**** api

igaralf · June 2, 2019, 7:16pm

rooted. Might someone get in touch with me to discuss the higher port method?

GibParadox · June 2, 2019, 9:06pm

Rooted!

Thanks to @jacknife for the hint on Root, and to @ecro80 for the hint on the code.

Happy to assist too.

ppaecity · June 2, 2019, 10:10pm

check port 3000 then find ticket using support center header name. be sure your gmt time.

Reiahx01 · June 2, 2019, 10:15pm

i’ve tried everything google and searchsploit has to offer with this file extension filter, any hints would be much appreciated

Enyone · June 2, 2019, 10:31pm

Type your comment> @Reiahx01 said:

i’ve tried everything google and searchsploit has to offer with this file extension filter, any hints would be much appreciated

check the sourcecode of the file upload of helpdeskz on their github repo and try to understand what exactly happens on uploading a file

Reiahx01 · June 2, 2019, 10:52pm

Type your comment> @Enyone said:

Type your comment> @Reiahx01 said:

i’ve tried everything google and searchsploit has to offer with this file extension filter, any hints would be much appreciated

check the sourcecode of the file upload of helpdeskz on their github repo and try to understand what exactly happens on uploading a file

from what i see it only appends the very last file extension, so double extension doesn’t work. tried inserting null byte and still nothing. i’ll keep looking but for whatever reason i’m not seeing it yet

oXmix · June 2, 2019, 10:57pm

I have tried all the possible steps:
submit ticket :-
step 1 file supported
1: change time zone to L0
2: upload se* with extention (no luck)/ call it back after changing the ‘x’ range

step 2 er: file not supported (no luck)
yes I have changed php -reverse -shell already using (/usr/share/webshell/php/reverse*)

in exploit not sure what code should I use ?
currentTime= (???)
Thanks

r3c0nx00 · June 3, 2019, 3:19am

Whenever I upload the exploit and compile it, I get an invalid argument error. I can run it fine from my webshell, but it does not work from the actual pty shell.

Reiahx01 · June 3, 2019, 5:38pm

rooted!!! finally!!!

iAMshell · June 3, 2019, 7:57pm

need hint to proceed with .*s or shell upload, or port 80

LordImhotep · June 3, 2019, 11:43pm

Manage to get root without obtaining credentials via the Shiv query, if anyone could enlighten me via PM what the query is I would be grateful as I am intrigued.

Anyone seeking nudges feel free to PM me.

lufee · June 4, 2019, 12:33am

Can anyone point me in the right direction? I tried all the different ports but keep getting “WARNING: Failed to daemonise. This is quite common and not fatal. Connection timed out (110)”, someone mentioned firewall but I’m lost right now.

lufee · June 4, 2019, 1:20am

Type your comment> @lufee said:

Can anyone point me in the right direction? I tried all the different ports but keep getting “WARNING: Failed to daemonise. This is quite common and not fatal. Connection timed out (110)”, someone mentioned firewall but I’m lost right now.

ahh… figured it out

Reiahx01 · June 4, 2019, 1:23am

Type your comment> @lufee said:

Can anyone point me in the right direction? I tried all the different ports but keep getting “WARNING: Failed to daemonise. This is quite common and not fatal. Connection timed out (110)”, someone mentioned firewall but I’m lost right now.

Pretty sure that’s a message coming from your php reverse shell. If you are listening to the port specified in the reverse shell code and you get a shell it mostly shouldn’t matter. Reasons as to why can be examined within the code