Great machine, teaches a lot for this kind of vulnerability, thank you!
Foothold: 1st enum properly, than you will figure it out what to do but it is quite hard to start in the right direction if you don’t know the technique. I fall into the rabbit hole that not everything is allowed on the server that it was on my own machine, so after days I had to find a different solution and I learnt a lot. But than you figure you don’t even need to go that far don’t need much of the advanced stuff because it is way easier kind
User: easy technique, old snakes are vulnerable
Root: really is a piece of cake
This was actually a really fun box and I highly recommend it! If you enumerate properly you should have no problem with user or root. Just a few extra steps for user that make it a little challenging, but worth it!
As everyone has said above, root is actually a handout…
(Knowing the phrase for something special, showing the ways to somewhere great.) are you meant about the .php file can you pls specify it?
I couldn’t get the php reverse shell, can you help me with a hint
could you pls help me with a hint? i was stuck with getting connection my proc_open code was not exactly working
Rooted! Nice medium machine with interesting custom vuln foothold.
There are my hints:
- Enum, enum, enum… Gobuster users neglect recursive fuzzing (like me) and can get stuck for a long time because of it
- When you finally got the code you don’t have to invent anything, just give the script what it wants
- P** has a lot of extensions, but were they all banned?
- Try to delay the script to do your dirty deeds
- When you find and try it, you will understand how to use it. Py****2 is very different from Py****3
- So base, gtfobins to the rescue
PM me if you need a nudge
I have the private key but it’s IMPOSSIBLE to use it to connect.
I’m getting an error “in libcrypto” when trying to connect using ssh …