Reading files, but I can’t find any ssh files in the user’s home directory e**** need a hint
1 Like
DM’d u
me too man! hit me as you get an understanding
1 Like
whatever you have in the directory, the app uses it so check every possible tool or file and check its version maybe it’s vulnerable.
if you’re able to exploit the vuln and read local files then check the php source code you might find some database files, etc.
1 Like
Could’ve been done with this so much faster if I didn’t overcomplicate things.
DM if you need a nudge, be prepared to explain what you’ve done.
Tips:
Foothold: routine webserver enumeration, hidden directories
User: read source code, question what process is doing what.
Root: cp, not mv, watch pspy, and tail doesn’t care what your name is.
8 Likes
Rooted. I really liked this box, Finding the vulns was easy, but exploiting them wasn’t (at least for me). My advise is to look at the explanations of the vulns, and dont just run random code. I had to change a lot of the code i found on the internet to get it to work. DM me if you need help
Rooted. Easy machine, really straightforward.
DM me if you need nudges.
Got user flag but stuck on getting root. Did some enumeration but nothing jumps out. Looked at the source code and wondered if this could be exploited but not sure if this is the right track,
Really nice machine. Worked out just fine. Props tim; while it’s marked “easy,” it was quite challenging fun.
There are many little things that can go wrong. I also overthinked it quite a bit instead of doing straight-forwardly. Spent lots of time doing something else that wasn’t needed at all. Enumeration is key. Root is pretty easy, but getting user foothold needs some tinkering around. There are sufficient nudges in the forum above. Feel free to DM for pointers. (And thank you @ziadaligom3a2!)
2 Likes
Once you get your foot on the machine, check what’s running. Look around.
Rooted !!!
Thanks to @OniSec !!
2 Likes
Rooted, awesome box
Lab is stuck for me. Says: Lab is currently under maintenance
y’all as well?
me too
Pwned!
This is machine was kinda tricky, but must of all because I got distracted 
User: Fuzzing goes better with a basic wordlist, the you can use an extra tool to dump the rest. Anyway my mistake here was not investigating the files that I had already found.
Root: Pretty straight forward, check processes and the rest is just googling.
You can DM if you have any doubts, penitent one.
im so happy to run on my pc a non patched rce vulerable program ! YAY
i get e***y cred , but i doesn`t work on ssh ,any hints?!!!
I’m trying to upload a file after connecting in the machine but I get an error saying “No space left on device”. ANy help?