Obviously, I find what I am looking just after asking for help ?.
Search for OWASP documentation about file upload. There are some strange configuration about what get to be executed on a server.
■■■ that is literally the dumbest thing I’ve ever seen. Wasted like 2 hours on this one
So i know the username and have tried adding my key to the authorized_keys file, also tried known_hosts but I still get the Permission Denied (publickey) error. Any thoughts?> @a3n3a said:
is it normal to have theseus@10.10.10.185: Permission denied (publickey). ???
stuck in www-data
got a USER !!!
Hint: use alternative way
Can you DM me the alternative way? can’t get past it
Whatever you find, keep it, and use it. (:
So i know the username and have tried adding my key to the authorized_keys file, also tried known_hosts, but I still get the Permission Denied (publickey) error. Alternatively tried using locate .pub to identify any accessible keys from RCE and tried these as my own as well. Any thoughts? PM?
Hi All. Working on root. When trying to upgrade the shell, it seems I am now getting an error that won’t allow /bin/sh commands. Anyone having that problem or know how I might be able to get around? This was not an issue for the last few days.
I’m having the same problem. And when I try to execute any commands using the shell type i get cannot open xyz binary:
root@ubuntu:/# /bin/sh echo hello
/bin/sh: 0: Can’t open echo
Got both the user and root flags but getting Error when I try and enter each one which is annoying after burning the midnight oil to get this box finished. I know I am not the first person to suffer this problem, I am on VIP so does that make any difference?
@flymomike said:
Got both the user and root flags but getting Error when I try and enter each one which is annoying after burning the midnight oil to get this box finished. I know I am not the first person to suffer this problem, I am on VIP so does that make any difference?
NVM accepted both flags when I tried a different way to enter them
@flymomike said:
Got both the user and root flags but getting Error when I try and enter each one which is annoying after burning the midnight oil to get this box finished. I know I am not the first person to suffer this problem, I am on VIP so does that make any difference?
NVM accepted both flags when I tried a different way to enter them
Just out of curiousity, would somebody mind giving me a nudge how you would get round the login page at the start without using some of the more common OWASP top 10 gotcha’s, which I obviously used.
huh, the first part was hard, but also it was a great machine, I learned a few things, also thanks for the great hint @choupit0 and thanks @TRX for this box.
Could somebody please give me some help in getting the user account. I’ve been stuck in the w******a shell for days, I think I see how to get from the user to root but for the life of me I can’t see how we’re supposed to get to the user
Could somebody please give me some help in getting the user account. I’ve been stuck in the w******a shell for days, I think I see how to get from the user to root but for the life of me I can’t see how we’re supposed to get to the user
Argg
i do not know the stuff for root, spends hours seeking all process.
But what a fun box, i learn lots of things, even for the Rabbit holes
PM for nudge are welcome
Given all your comments, I must be doing something really stupid or not seeing the obvious, as I am struggling to get a foothold. I have tried 'bypassing ’ using Burp Suite and use of the ‘curl’ command but without any joy. As a nube, please can someone DM me and shed some light on what I should be doing? Thanks
I think I have the way but I am missing something critical. I can reach the desired foothold page via curl and burp repeater but am unable to interact any other way. Any nudge to get me past this bump will be greatly appreciated.
Nice box, I was amazed on the first foothold, so simple I nearly didn’t take into consideration to try it…For the Root part I really wasted some time because I forgot to export path xD
TBH some of the tips in this forum are so cryptic it feels like trying to understand klingon.
Here’s a few of mine, maybe it helps…
Initial foothold: it’s a login form, think basics, don’t over complicate it
User: It’s pretty straight forward, it’s not the first and neither the last machine vulnerable to this… even a monkey could pentest it just don’t forget to sign your magic.
Root: Honestly this is a bit harder and not all the information you find online is gonna help you that much… To begin just search for what binaries a user can execute then start digging into them and see which can be exploited and how. #suid