Great box.
Small hints (remove if too much)
- Foothold: pdf metadata
- User: creds are somewhere on the system
- Root: sudo+ruby+bash, trio fantastico
Great box.
Small hints (remove if too much)
/dev/shm is a good place to set up shop in a hidden directory that isnāt persistent as well. Not sure why they went as far as modifying bash though, thatās just a messy and unnecessary extra step.
Hello all. I need help getting a foothold on this box. I tried many different things but Iām stuck now.
I tried to BF directories but I didnāt find any.
I tried LFI with php data filter to run code but that didnāt work either
I tried to discover all ports with -p-
I interecpted my shell.php with Burp but I fail understanding what to change (if I have to) in order to bypass filter if there is any
Rooted! DM me on discord (n3hal#1527) if anyone need a nudge.
hi tnx its actually working now.
Hey, im currently getting error when forming a rev shell, ācannot execute binary fileā and rev shell ends. anyone know a fix for this? i tried using zsh and bash shells nothing changed. Thanks!
Hey folks, I havenāt rooted the box yet, but I think that I can save people some headaches on the āCannot resolve remote URL!ā error.
Iām not sure if anybody said this yet, but try adding a space after the URL.
āhttp://google.comā fails to resolve. "http://google.com " does. I thought that the box was broken.
Pretty simple box! Canāt say much on here that hasnāt already been said.
Initial access: Thereās software running that performs the only function the website is built for. Figure out what it is and how to use it to your advantage. Sometimes you have to go beyond traditional website enumeration.
User: Do some manual searching around the box. Probably wonāt need to travel too far from home.
Root: It was super easy finding the privesc method, took a little Googling to figure out what to do with it. Found it by running one of like 3 commands I always run when getting a new shell.
P.S. I donāt get on the forums very often. I probably should be the last person to message for hints.
nice box, rooted if you need help send DM for help
Dude thanks. This hint cracked the user for me. In plain sight
Rooted a few days ago. Old machine but if anyone needs help chuck a forum message.
Is there something wrong with this box? FYI Iām a paid user and this is the experience im getting
on my kali machine, unable to connect to my python3 -m http.server 8080 error message āCannot load URLā. But when i do the exact same thing on pwnbox it works. This is super frustrating because I wasted so much time wondering why it would not connect
On Pwnbox precious website keeps crashing (And iām a paid used so there is only 2 users)
Fun box! The foothold was interesting.
All the hints you need are in the thread but the something that tripped me up : single quotes arenāt the same as backticksā¦
Agree with @paddanada ā¦ this is also easier if/when you know what to Google; copy and paste was my friend.
Made an account just to thank you for this.
This was my first machine iāve ever played on, and this hint helped me find user.
(spent like 8 hrs tryna figure out why the webpage wasnāt working)
However, I didnāt get to find root and probably will leave this machine for another time.
Thank you @Thy_GoD , I appreciate that.
I am also glad to see that I am not the only one that struggles with some tricky things on these boxes. I get discouraged when 20 posts say, āEASY BOX! SUPER EASY!ā (which isnāt useful) and I am still wondering why my approach doesnāt work. Iām glad to know that itās not just me.
Yeah after failing to find root, I searched up youtube walkthroughs of people doing other retired machines.
Safe to say itās āEasyā in more experienced peopleās terms, but in our world itās much more confusing.
Iāll probs stick w academy first before trying root (or wait until a walkthrough appears).
how are you guys getting pdfsā¦ I tried both local and remote urls but it still gives me the same output
Cannot load remote URL!
a small hint will be appreciated.
edit: never mind it was a problem with the browser, works in burp
you had to put a spacing after the url you submitted.
Dunno what kind of ā ā ā ā bug it was.
Why is the foothold so annoying. Found the lib that converts it to pdf and itās version. Still not working as expected LOL