Official Zipping Discussion

Is the upload part the correct path to get user?

I have a primitive LFI but no further

I’m a little bit stuck with root escalation… already found stock password but don´t know how to proceed …

stuck with the upload part could use some hints here:)

im also stuck on executing the file I upload. I found a LFI but not able to connect the two. need help with the “disappear” part

2 Likes

Nice machine, it looks like they patched the initial vector I was trying yesterday, so now you have to go directly for the RCE, after getting the user check for the usual dont go too deep into the rabbit hole, just use simple tools.

Good Luck!

root is easy If I am to say!
User needs tricks and some wit only, this is like you figured out the way but can’t execute, just try to execute it in any possible way you can think of, experience gain from doing differently focusing on one goal many time, User took me like over 5 hours of trials and error! but it really worth it(for me).I am glad I didn’t even close to that rabbit hole xD(because only focus on what I think it works).

1 Like

Can anyone help me with the initial foothold? Not sure if I am digging down the wrong rabbit hole here

did you figured it out?

same here

nice)

can someone help me with user?

can I get a small help regarding the RCE?

Special thanks to @Chainmanner for the nudges and pointing me into the right direction. It was a relatively easy box in hindsight. IMO the hints others have given should be enough to root the box.

Can someone give a nudge regarding the user?

Finally got it! root it’s easier than I imagin :sweat_smile:

4 Likes

Hi everyone! I have a trouble with user path. Give me a hint please!

I have got the mysql username and password,but I have no idea to get user shell

Same here

same