Magic

TheCryptonian · April 24, 2020, 2:23am

Spoiler Removed

mty0x · April 24, 2020, 5:05am

Rooted…!!

User: Find a way to upload, get a stable shell first and then Enumerate !
Root: Find an interesting file and learn what it is running!

You can PM anytime for HELP…!

dskeet · April 24, 2020, 5:57am

I’ve been fighting with this file upload deal for a few hours. I’ve done everything I can find to bypass file upload restrictions. I can’t get anything to upload successfully. Usually this is fairly trivial… but it just isn’t working at all. I really need some help. I obviously can’t list everything I have tried here, but I’d be happy to spell it all out for anyone willing to throw me some help in a PM.

EDIT: Of course right after I post that it starts working. No idea WTF was going on before. Now everything works like I would expect it to, even though I’m doing exactly what I have been trying all night lol

Red09Devil · April 24, 2020, 7:54am

Rooted finally. ■■■■ interesting box it is and learnt a lot from this machine. I hope many machines will come like these.
User: Do your homework and see what can be done to make an ordinary file into a reverse shell script. You will be tricked with non working passwords but mysql is with you.
Root: Just see what functionalities are running and just keep going on, here also the previous script will help you.

If you are stuck then feel free to pm!!

fr0ster · April 24, 2020, 8:27am

Type your comment> @RedDevil09 said:

Rooted finally. ■■■■ interesting box it is and learnt a lot from this machine. I hope many machines will come like these.

But what do if you can’t upload nothing? All other can does it but only not I?

TazWake · April 24, 2020, 8:47am

@newrookie said:

Can curl be used to upload the file? I want to use it (-F option not -X POST) cause I don’t know what to post in the request, even if I’m looking at u****d.**p. Any hint?

You dont need to use curl, you can just upload a file.

TazWake · April 24, 2020, 8:49am

Spoiler Removed

TazWake · April 24, 2020, 8:50am

@fr0ster said:

Type your comment> @RedDevil09 said:

Rooted finally. ■■■■ interesting box it is and learnt a lot from this machine. I hope many machines will come like these.

But what do if you can’t upload nothing? All other can does it but only not I?

If you are struggling to get an attack to upload. Google ways to bypass the problem. One of the first hits is a goldmine of information.

fr0ster · April 24, 2020, 9:27am

Type your comment> @TazWake said:

@fr0ster said:
If you are struggling to get an attack to upload. Google ways to bypass the problem. One of the first hits is a goldmine of information.

I struggling to upload any file.

lancelai · April 24, 2020, 9:33am

Spoiler Removed

TazWake · April 24, 2020, 9:43am

@fr0ster said:

I struggling to upload any file.

In addition to the very good advice from @lancelai - start by making sure you can upload a legitimate image file. Get a random jpeg from the internet and see if that works.

If that doesn’t work, you have other problems.

FunkyMcBeef · April 24, 2020, 11:31am

Hey guys. Some of you said they were automating the user process. I already got user and am trying to automate it now before advancing to root.

Mainly for a learning experience since i am fairly new to python and requests

However i ran into some issues. If somebody is willing to check my (most certainly bad) python code that would be awesome.

in3vitab13 · April 24, 2020, 12:22pm

Spoiler Removed

TazWake · April 24, 2020, 12:30pm

Spoiler Removed

gemagician · April 24, 2020, 1:07pm

Hello guys. i cant upload any file, even a simple image(jpg,png etc). Does anyone has the same problem? It looks like the page refreshes after some time when i hit upload.

saveTheCapyb · April 24, 2020, 1:24pm

Type your comment> @gemagician said:

Hello guys. i cant upload any file, even a simple image(jpg,png etc). Does anyone has the same problem? It looks like the page refreshes after some time when i hit upload.

there is message on the top left corner that your image is uploded…
do you see it…(after uploding)

Tempuslancien · April 24, 2020, 1:40pm

Hello,

If someone could help me, I need help!
I don’t want to spoil but my Rev shell does not work with the webshell call.
The command liner works as some basics command work.
I did a tcpdump on my host and the reverse connection do not arrive.
I’m able to ping myself from the target however.
I tried a reverse conn using py, py3 php, nc…
I’m clearly stucked…

Thanks in advance

gemagician · April 24, 2020, 2:04pm

Type your comment> @thescriptkiddy said:

Type your comment> @gemagician said:

Hello guys. i cant upload any file, even a simple image(jpg,png etc). Does anyone has the same problem? It looks like the page refreshes after some time when i hit upload.

there is message on the top left corner that your image is uploded…
do you see it…(after uploding)

thank you for your answer. I solved it. it was some problem with my host’s vpn connection not my vm’s. i turned it off and the problem is gone. thank you very much again.

madm4n · April 24, 2020, 2:35pm

Spoiler Removed

lancelai · April 24, 2020, 2:37pm

Type your comment> @Tempuslancien said:

Hello,

If someone could help me, I need help!
I don’t want to spoil but my Rev shell does not work with the webshell call.
The command liner works as some basics command work.
I did a tcpdump on my host and the reverse connection do not arrive.
I’m able to ping myself from the target however.
I tried a reverse conn using py, py3 php, nc…
I’m clearly stucked…

Thanks in advance

You can try other shell instead of webshell ?