Can I get a nudge for user flag? I have a shell, and see the c********.*** file - don’t know what to do from here (I’ve tried too many things to mention here).
Ok when I run c****_****.p I see interesting actions that exist in the /v…/…/…/up… folder, but the names are something that is not touchable, and I am thinking I need to add my own. I HAVE NO IDEA how to go about this! Any assistance would be fabs!
Thanks All!
EDIT: USER Completed: For those having issues, TOUCH
.
Can someone give me a nudge on the privesc to user? Based on what has been said in the forum already, I’ve been looking at c****_a*****.p** and can see the frequency with which it runs, I can’t seem to modify the file however, and am not sure how to proceed.
For those stuck on a PHP-script, i would like to add that you don’t need to be able to read/know PHP in order to spot the vulnerability, as the actual flaw in the script is not PHP-specific.
Do some targeted thinking: I want to smuggle some command in, where could i possibly do that?
Finally rooted. Turns out i wasn’t using sudo with the correct script xD;
Some takeaways:
-Do use sudo
-Use absolute path
-You don’t need another reverse shell
-Try replicating the $y=$x scenario in your shell.
PM for help.
Big thanks to @cyberpathogen and @3DxHex
is there a level after root that I’m missing, or is the root.txt flag missing?
edit: flag is there today, guessing it was a temporary issue. this one was a lot of fun, thanks!
please don’t run any PHP script suing a***he user, by doing this you are ruining/ spoiling the server. I have one hour trying something and got the same wrong result because of this.
i cant get my shell to last more than a minute at a time, near impossible to do anything…very frustrating
For all that are thinking they need to actually edit the php script within the interesting application for USER. Stop trying to change the php code, you dont have permissions to do it anyways. TOUCHING is the way to go, just remember there is a certain way that we have to TOUCH ‘things to have them work the way we want them to’
HINT for USER : Look at the directory that the interesting application pulls from and then follow my last post! 
If this is a spoiler, please remove it!
THanks
Hints for both user and root:
https://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txt
This is a fun box; and the exploits all seemed to be a similar theme which I enjoyed. Especially coming from a mostly Windows background.
when you spent like 20 mins on reading networking scripts to find out how the argument parsing is done… and then wtffff moment
thanks to ippsec, now i can finally say - easy stuff, rooted thanks for teaching me, master
Stuck on c****_a*****.p**, any nudge would be appreciated 
Rooted! Thanks @guly for an outstanding learning experience.
Hint for USER: You dont need to edit the special _.*** you just need to look over the source and see where its pulling from. Once you get that you can ‘touch’ your way to USER.
Hint for ROOT: Do your best to not overcomplicate as I did. You dont necessarily need to understand the source of the special . but just analyze the feedback and base your next moves off that feedback! Kentucky Windage
FEel free to DM me for hints. I had a blast on this box and learned a TON.
Hello everyone!
For the moment I entered with a user shell thanks to the help of some users and for comments in the forum! I will try to go ahead following your suggestions! Thank you all!
Great project!
Type your comment> @W3st1 said:
Stuck on c****_a*****.p**, any nudge would be appreciated
Create a file and wait!
Intercepted someones code injection > @DrD3ath said:
Hints for both user and root:
https://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txtThis is a fun box; and the exploits all seemed to be a similar theme which I enjoyed. Especially coming from a mostly Windows background.
thaaank u
Finally owned this box! Pm me for nudges
hi, stuck on user. Found U***.php but i cant seem to do anything with it 