I’m stuck on downloading the zip file and tried to upload a revshell but it does not execute it so i can’t get a shell. any nudge?
EDIT: i found the bug. for other people that can’t seem to figure it out but found the potential bug, sometimes, text outputs are not that useful
TIP: if you’re wondering if it really works or not, try replicating the code
I have the same problem as the comment above me.
Do you have to figure out where the server stores the files?
Type your comment> @RawkStar said:
I’m stuck on downloading the zip file and tried to upload a revshell but it does not execute it so i can’t get a shell. any nudge?
Isin’t about file upload. Try to figure out how the system works.
Type your comment> @RandomPerson00 said:
I have the same problem as the comment above me.
Do you have to figure out where the server stores the files?
Don’t try to go with a file upload. There are other ways to get a shell.
Rooted Easy Box
@obfucipher
Via some kind of SQ** or something completely different?
Parameter in******?
Any hint for entry point, I can’t do anything
for those who are wondering either john or hashcat not workin properly, i think its about how you used your cmd like m 500 for cat and m*5crypt-long is mr.john’s way of doin it, tried both, mr.j’s a bit fast than cat but both takes not more than ten min in a free amazon tier.
Rooted. Nice box @m4lwhere
That was a super box, very much enjoyed it!
Type your comment> @CyberRobotX said:
Any hint for entry point, I can’t do anything
I sent you a DM with some help
Can’t do much 
Any hint for entry point.
So interesting what I am missing !
Got foothold but can’t seem to get user. I know what needs to be done with S** but cant seem to figure out where or even how to implement… Anyone mind giving a nudge or DM me…
Great box, Thanks!
previse
root
uid=0(root) gid=0(root) groups=0(root)
So some people gave me a hint. I tried playing with the “dangerous function” indicated in one of the files from the zip file and I tried multiple separators but nothing worked. I even created my own php file and used the same exact code (different contents ofc) but i still can’t seem to inject code in it. am i doing something wrong?
EDIT: found it. sometimes, text outputs are not that useful
solid easy box. Smashed my head for gettin root, was totally overthinking this.
Foodhold
Sometimes the browser is lying to you.
User
Classic enumeration. Don’t panic about bad chars and take it as it is.
Root
You should go new ways.
PM me if you need a taco!
ROOTED ! Great box overall. As a newbie, It really made me think.
Foothold: Numbers are deceiving
User: Found it weird? Do it the classic way
Root: Ya all found your path to vaccines?
Type your comment> @1l0v374c05 said:
solid easy box. Smashed my head for gettin root, was totally overthinking this.
Foodhold
Sometimes the browser is lying to you.User
Classic enumeration. Don’t panic about bad chars and take it as it is.Root
You should go new ways.PM me if you need a taco!
im a little confused after found out the solution for root…i even simulated something similar on my own machine and it was different…can someone explain how the ‘way’ stay the same after you run it as someone else i thought it wil be different hence make it not viable
Type your comment> @yth123 said:
Type your comment> @1l0v374c05 said:
solid easy box. Smashed my head for gettin root, was totally overthinking this.
Foodhold
Sometimes the browser is lying to you.User
Classic enumeration. Don’t panic about bad chars and take it as it is.Root
You should go new ways.PM me if you need a taco!
im a little confused after found out the solution for root…i even simulated something similar on my own machine and it was different…can someone explain how the ‘way’ stay the same after you run it as someone else i thought it wil be different hence make it not viable
because of the sudo rule?
Rooted! Great easy box!
root@previse:/root# id
uid=0(root) gid=0(root) groups=0(root)
Ping if you need any hints.