Official Soccer Discussion

It was a bit tricky but rooted it at last

Can someone give me a hint for user, I am not sure what I’m doing wrong: I found the username and the password but somehow cannot login via SSH. Am I missing something?

If you’re still stuck there, feel free to DM me with where you’re at and I’ll take a look

does file manager exploit needs username and password??

Sometimes the admin lets them as default :heart:



Gosh that was so much fun. I learned so many things doing this machine. Both path to user and root taught me new things. The hints from the people before me was so useful. If you’re still stuck, shoot me a DM. i’ll try to help where i can.

Figured out the problem I was having before.

Just wanted to post here to say I found an unintentional solution for the second half of this box… Major spoiler below:

/usr/bin/bash has the SETUID bit while on www-data. So you can just run /usr/bin/bash -p to get root.

1 Like

I noticed this occurring with another machine (p****) at the same difficulty level, I don’t think it’s officially intended. Do you think some players are SUID’oing the bash after rooting the machine?

just use the dirbuster common directory list.

It’s seems I gotta write the script to intercept WS traffic, is this really an easy box???

rooted! thanx a lot to @Paradise_R for advice
no writing script needed! it’s all available in the web, so be free for searching.
privesc was a lil hard, but not as user though.
it was really cool machine, big respect to the author!

1 Like

Did someone break the machine? I cant load the tiny page anymore


hi, i got stuck on how to get reverse shell in soccer. I just login with the admin/default pass but the upload is not writeable.

hi, i got stuck how to get reverse shell in soccer. I just login with the admin/default pass but the upload is not writeable.

you can upload to different folders. some folders are writeable some are not. go for the obvious folder :wink:

1 Like

Thank you. But there is only one folder and i login as Admin and not able to create any folder.

If i remember correctly, there should be a /uploads folder where you do have rights to upload.

If not try the default creds for the user.

1 Like

thank you. i got the shell. no doing sqlmap

error 504
what should I do now?