Is the upload part the correct path to get user?
I have a primitive LFI but no further
Iām a little bit stuck with root escalationā¦ already found stock password but donĀ“t know how to proceed ā¦
stuck with the upload part could use some hints here:)
im also stuck on executing the file I upload. I found a LFI but not able to connect the two. need help with the ādisappearā part
2 Likes
Nice machine, it looks like they patched the initial vector I was trying yesterday, so now you have to go directly for the RCE, after getting the user check for the usual dont go too deep into the rabbit hole, just use simple tools.
Good Luck!
root is easy If I am to say!
User needs tricks and some wit only, this is like you figured out the way but canāt execute, just try to execute it in any possible way you can think of, experience gain from doing differently focusing on one goal many time, User took me like over 5 hours of trials and error! but it really worth it(for me).I am glad I didnāt even close to that rabbit hole xD(because only focus on what I think it works).
1 Like
Can anyone help me with the initial foothold? Not sure if I am digging down the wrong rabbit hole here
did you figured it out?
same here
nice)
can someone help me with user?
can I get a small help regarding the RCE?
Special thanks to @Chainmanner for the nudges and pointing me into the right direction. It was a relatively easy box in hindsight. IMO the hints others have given should be enough to root the box.
Can someone give a nudge regarding the user?
Finally got it! root itās easier than I imagin 
4 Likes
Hi everyone! I have a trouble with user path. Give me a hint please!
I have got the mysql username and password,but I have no idea to get user shell
Same here
same