Finally rooted. There were couple of new interesting things. Thanks to @0zcool and @byf1sh for help!
Still need help? Send me a DM if so.
I got a shell several times on this machine, and then it stopped working, and I canât use the same exploit I used again. Anyone have this happen?
I am facing the same issue from yesterday onwards. I got the user shell and planned to go for the root later. Now I am unable to exploit using the same method.
ah, love it when a ctf task or a box is just âfixedâ after a thousand people have solved it
Can u help me with shell? I cant upload my php file with bypass
Anyone free to give a little hint on how to get the shell ?
Thanks in advance
i need help, please iâm not getting a reverse shell
it is throwing a 404 when i try to acces the uploaded content thru the link it gave
anybody?
i need a nudge
I can help. DM me with what you have.
DM me with what youâve tried and i can try to help
still needing help
I got user shell after some tries, but now I redoing the same exploit but not working!?
was the box changed or what !?
itâs so weird,
happened to me as well
something changed in this box
Hi to all, I found a valid way to the initial intended way for this machine, but I donât know why the last part of my payload works hahaha, somebody can explain me? I will appreciated it on DM
Meanwhile: ** For thus stuck in some strange change, looks like this machine âchange somepart of famous /shell to win/ initial easy wayâ , consider exploring another pieces of code using machine name vector and remember, If there is a control to mitigate a code that could be potential vulnerable, probably there is a way to check around and win ⌠Hack Tricks PREG you to be a friend, find a way to MATCH for a relationship.
anyone online?i need some help
same.
I have tried doing many variations of the exploit and I keep getting Not Found, has it been patched or am I doing something wrong? please help.
In case if you are wondering why are you getting 404 not found
, they have patched it⌠you canât drop files now⌠you have to figure out the intended way which is also so easy to figure outâŚ
Finally can do it.
Initial Foothold and user:
-Found zip vector, hacktricks talk about that.
-Read all code you can, if you think a control works fine, search about how bypass.
-Donât overthink, keep it simple a probe simple payloads for new vulnerabilities.
-Search common paths writable for all, review your own filesystem, Linpeas said you a lot of time in other machines.
-If you want to get some file and execute, think how application original logic make it this possible.
-check two times chars in all payloads, sometimes changing a little quote can generate a false sense of exploitation.
Root: search for tools that get you information about this file. if you need some secret, remember classic techniques on CTF file analysis. And âŚ: âif a girl doesnât looks for you, HIJACK his SHARED catâ