Networked

crankyyash · September 15, 2019, 12:08am

Type your comment> @tripster98 said:

I think we are supposed to use exiftool for uploading the image?

No. No need. google magic bytes and how they are used

seVen7 · September 15, 2019, 1:04am

ok so I have a shell but everything on this box is owned by root except the user ***y and my shell dropped me in as user ***che. Im hitting nothing but walls. Anyone have any friendly advice?

crankyyash · September 15, 2019, 1:05am

So I was in uploads folder and saw some weird uploads by people who dont know how to upload the first shell. I just saw a file name having ‘XSS’ in it. Stop the trial and error and go google file upload vulnerabilty. There are 4-5 methods and practise and try all of them. I am now attempting user. Folks who are complete beginners can pm me if you need help.

acc3ssp0int · September 15, 2019, 5:57am

Completely stuck! using the u**** function and tried pretty much all bypa*** to u****
Can someone nudge?

rholas · September 15, 2019, 9:14am

root finally

J0ckr · September 15, 2019, 9:59am

guys need a nudge on the box. I have got the reverse shell but not able to dig further. Kindly help.

kalagan76 · September 15, 2019, 10:37am

Type your comment> @Gordin said:

@tripster98 said:
 I think we are supposed to use exiftool for uploading the image?
I recommend you and everyone stuck on the initial shell to keep it simple. There is a very trivial procedure to inject a payload into an image file and it works on this machine. Also, to be on the safe side, consider using one of the images which are already uploaded to the gallery by localhost to avoid eventual size and format restrictions.

Hi, thank for the tips. I used one of the image in the i***s folder and put my reverse shell in it. Uploaded it successfully but when i refresh the gallery i can’t see it. I’ve got one of my console in listening mode (nc -lvp 1234), but nothing happens…

Trying to figure what i am doing wrong…

0rbit4L · September 15, 2019, 2:23pm

User at long last…thanks @tang0 again for sticking with me taught me alot your a solid dude. Now on to root…

nav1n · September 15, 2019, 7:22pm

Struggling to root for a while now, I have got the user but I’m not able to get the reverse shell as guly, instead, I get the reverse shell as apache. What I’m doing wrong?, Anyone willing to lend a hand to fellow HTBan.

PMs are welcome

seVen7 · September 15, 2019, 7:25pm

without > @Un1k0d3r said:

Struggling to root for a while now, I have got the user but I’m not able to get the reverse shell as guly, instead, I get the reverse shell as apache. What I’m doing wrong?, Anyone willing to lend a hand to fellow HTBan.

How the f*** did you get user if your apache?

nav1n · September 15, 2019, 8:13pm

Type your comment> @letMel00kDeepr said:

without > @Un1k0d3r said:

Struggling to root for a while now, I have got the user but I’m not able to get the reverse shell as guly, instead, I get the reverse shell as apache. What I’m doing wrong?, Anyone willing to lend a hand to fellow HTBan.

How the f*** did you get user if your apache?

Thanks . BTW, I got the root

crankyyash · September 15, 2019, 8:53pm

Got root. My first ever htb box!! If someone is finding difficulty in any part of the process, feel free to pm me.

z4c777 · September 16, 2019, 12:34am

I have to say even though it’s rated as an easy box I learned a ton. For root don’t overthink things!!

Dabson · September 16, 2019, 2:12am

So I was able to get the initial shell triggered simply. Though reading through this c_a.php file I have no idea what I am looking at. Not great with PHP but it seems you don’t have to be. I must be missing something obvious as usual. Anyone wants to PM a nudge would be helpful

Edit: wow yeah I was totally missing something obvious,. thanks for the tips. now for root.
Okay root was easy once you know the exploit which is not hard to find when you see what the script is doing.

robo224 · September 16, 2019, 8:41am

Need a nudge for user… I can see the user.txt file, but cant read it. I see c****_a*****.php. Is that needed in any way ? What does touch have to do with all this ? thanks

H3L1OS · September 16, 2019, 10:55am

Guys i need help im stuck on apache im struggling to escalate i see what i have to do i just dont know how to do…pm’s are welcome

FoX01 · September 16, 2019, 11:31am

Type your comment> @H3L1OS said:

Guys i need help im stuck on apache im struggling to escalate i see what i have to do i just dont know how to do…pm’s are welcome

Look carefully at the file c**_at**.php and see how you can execute your commands.

JumanJi · September 16, 2019, 1:51pm

Hello guys, i got a shell through an image jpeg upload and i can see and browse the /home/folder but i’m currently blocked to get the user.txt if someone can help me to got this… i see the username but i cannot use the cat command on it

clubby789 · September 16, 2019, 7:53pm

Rooted. Interesting, quick box. I’m not great at reverse shells, so I think I the flag bounced through about 7 points back to me.

@JumanJi said:
Hello guys, i got a shell through an image jpeg upload and i can see and browse the /home/folder but i’m currently blocked to get the user.txt if someone can help me to got this… i see the username but i cannot use the cat command on it

You are an unpriveliged user, you can’t read that file yet.

Buddhism · September 17, 2019, 1:41am

Hey all
I’m at the C***_A****.p*p file. I understand I need to do something with this. My question is how?
I mean, where can I see the output, see it worked, and/or modify the file?
Im brainfucked stumped on this.
Any PM’s would save a life