Official UpDown Discussion

Great machine, teaches a lot for this kind of vulnerability, thank you!
root:$6$35UwqDmGM31K3z1O$EV0yHaL…

  • Foothold: 1st enum properly, than you will figure it out what to do but it is quite hard to start in the right direction if you don’t know the technique. I fall into the rabbit hole that not everything is allowed on the server that it was on my own machine, so after days I had to find a different solution and I learnt a lot. But than you figure you don’t even need to go that far don’t need much of the advanced stuff because it is way easier kind :sweat_smile:

  • User: easy technique, old snakes are vulnerable

  • Root: really is a piece of cake

This was actually a really fun box and I highly recommend it! If you enumerate properly you should have no problem with user or root. Just a few extra steps for user that make it a little challenging, but worth it!

As everyone has said above, root is actually a handout…

(Knowing the phrase for something special, showing the ways to somewhere great.) are you meant about the .php file can you pls specify it?

I couldn’t get the php reverse shell, can you help me with a hint

could you pls help me with a hint? i was stuck with getting connection my proc_open code was not exactly working :disappointed_relieved:

Rooted! Nice medium machine with interesting custom vuln foothold.
There are my hints:

Foothold:

  • Enum, enum, enum… Gobuster users neglect recursive fuzzing (like me) and can get stuck for a long time because of it
  • When you finally got the code you don’t have to invent anything, just give the script what it wants
  • P** has a lot of extensions, but were they all banned?
  • Try to delay the script to do your dirty deeds

User:

  • When you find and try it, you will understand how to use it. Py****2 is very different from Py****3

Root:

  • So base, gtfobins to the rescue

PM me if you need a nudge :slight_smile:

Hello ,
I have the private key but it’s IMPOSSIBLE to use it to connect.
I’m getting an error “in libcrypto” when trying to connect using ssh …

Pretty easy !