Rooted.
Very nice box, pm for nudges.
Great box. Enjoyable and relatively easy for those familiar with standard concepts. The root priv-esc is one of those; youāre either familiar with it or youāre not, but it is very simple cyber-101 stuff and, for those not familiar, the hints on here are discreet enough to aid you if you look at them carefully. Thanks to @TRX for a solid machine.
yay! rooted!
Enough tips in this threadā¦ very simple once you spot the right file
Great box for me, especially since I am starting, I have learned a lot.
Iāve got user 3 days ago but cannot take rootā¦ wtf? can anyone help me, please? Iām totally stuck. Thank you.
@IvanGlinkin said:
Iāve got user 3 days ago but cannot take rootā¦ wtf? can anyone help me, please? Iām totally stuck. Thank you.
Find a file which might be useful, look at what it is doing and then exploit the road it takes.
can someone help on how to get user i am as www-data i have some creds from d*.**p5
but then i am stuck
Can someone give me a little nudge for the initial foothole?
From what Iāve read itās simple, but I have know clue what to do.
I found ln.php and u*d.php but I only can interact with first.
@mava said:
Can someone give me a little nudge for the initial foothole?
From what Iāve read itās simple, but I have know clue what to do.
I found ln.php and u*d.php but I only can interact with first.
If you google for what you are trying to do, there is a post which should be one of the first results and is full of useful information.
Other than that try uploading various things to confirm what is and isnāt allowed.
@xenofon said:
can someone help on how to get user i am as www-data i have some creds from d*.**p5
but then i am stuck
Try dumping to see if anything useful comes out.
i have uploaded my image but I get a Page not Repsonsive Error when I go to the image
Tried what I thought the box name suggests but didnt work, can I have a little help? DM
@inc0gnit0 said:
i have uploaded my image but I get a Page not Repsonsive Error when I go to the image
If it is a legitimate image, the box might have a problem.
If it is an attack, either your attack hasnāt worked or it needs to be executed in a different manner.
For example, command shells which rely on a GET request need to be requested with a command otherwise it doesnāt really know what to do.
@H0ru5 said:
Tried what I thought the box name suggests but didnt work, can I have a little help? DM
If you google what you are trying to do, the answer is in one of the first hits.
Rooted, fun box, its a great feeling to use magic, pm for nudges.
Great box. After the disgusting ServMon, it is like a breath of fresh mountain air. As usual, if you are stuck - write to me in PM.
Rooted. The foothold was very easy, user needs a bit of enumeration, and then direct way to rootā¦
Awesome box, thanks a lot @TRX !
Pm me if stuck.
Very fun box
Why is the image getting deleted as soon as I am uploading?
Type your comment> @Anu said:
Why is the image getting deleted as soon as I am uploading?
Seems like thereās a cleanup that happens periodically. Just be ready with your file just in case ;).
Fun box - very magical experience. Here are some hints to try and help - donāt think itās too spoilery but sorry ahead of time if it is.
Foothold - web browsers and servers are stupid - trick it into thinking itās getting what it things its getting. file extensions can be magical and together
User - enum for something, then enum some more with that something. you might need to create your own mechanism for this if the foothold is too janky
Root - super basic enum techniques worked for me instead of tools (the results were overkill). find something sticky, string it up, see where it leads you
Happy to help with judges if you want to PM