Official Pilgrimage Discussion

Feel free to DM me if you’re still stuck and I can nudge you along.

I'm about to root the machine but idk why the script is not running; I've been checking in pspy64. Thus no exploitation… Am I missing something?

Done. I ran the exploit in the directory itself and it worked. Idk why, I just tried it that way.

Just owned the box.

Thanks for the help @JimShoes and @Zard for user: I was stuck at finding the location of the database, then I learned the “source files” are not the same files obtained from dumping directories even though they have exactly the same name. Then I got stuck at the obtaining-user-password part; it took many trials for me to realize t***profile only allows changing 12 characters max. You can check yourself by using exiftool. For root, thanks to the previous user (whoever you are :face_with_hand_over_mouth:) who left files in the home directory to indicate the attack vector, and also thanks to @1cysec.

I got the user and password, but ssh keeps failing, pls help.

I got it now, but I’m having issues with root. Any help?

Rooted a while ago, if u need a hint hmu, I always check my inbox.

Need to add the IP address of the host to your /etc/hosts file, otherwise you will get nowhere. Don’t know if it is part of the challenge, misconfiguration, or assumed standard practice with boxes. No write-ups I have seen have mentioned this.

Working HTB for the first time. Having some issues with this box. Conducted the nmap scan. The results are not showing a git repository. Did something change?

Made a tool for easier user exploitation. Might be spoilers if you did not get the user yet so beware.

Github link:

Rooted the box but need someone to explain why the exploit has to be done in a very specific way (location/moving the file). I was only able to get root because of that hint in here which wasted a lot of my time… Please send me a DM!

Just owned the box. If anyone needs a hint feel free to DM me.

Finally rooted the box and let me tell you something: the user gave me ■■■■!

Hint 1: Everybody on the forum claims to focus on the source code… well, that is not so obvious. There is actually a lot of enumeration to do before you get there. And not only via dirb or nikto.

Hint 2: Once you get a clue of what's running in the backend of this application, just google it.

Hint 3: Once you get a shell, monitor what root is actually doing on Pilgrimage. It took me 10 min for the root versus a couple of days for the users. You can do this :slight_smile:

There are two ways of getting the file where it needs to be. One of the ways alters the image which is why it doesn’t work.

Tried both and for me it's not working; it just remains to cat root.


Could someone give me some hints?
I found a file read vuln and tried to read php file but failed.
I have looked for /var/www/html, /var/www/pigrimage/ and so on but failed to…
If you can help me, I would be happy for you to DM me or reply to my question.