I have a (what I think is) a successful ssh tunnel, but when I access the page on the high port it returns a blank page. Could someone please pm me?
Edit: figured it out, thanks dreamerscoffee!
Hey guys,
I am kinda stuck with getting the user flag, here’s what I have tried so far:
got the credentials to the SFTP and uploaded a PHP shell but no luck in executing it.
went through the help section of the SFTP command but couldn’t find anything useful in particular.
any nudge in the right direction would be appreciated.
Everything but one returns a blank page now that my tunnel is up… this seems rather… FOWL… .>:] any ideas?
i found the user.txt , but now i am stuck with root and i have no idea what to do next… any hint?
any hints about how to tunnel to high port ? thanks
Also stuck on root. Got shell as w**--**** and found the a-g thing. I am able to route the a-g thing through my machine. I have setup my own r***y, but how can I exploit without a good sign. There is a thing with a-g recently, but this one is updated already. Any hints? What are good docs to move forward?
done tunneling reached kin***m panel … stuck with creds . any help would be great
EDIT: got user flag
@whysohard said:
any hints about how to tunnel to high port ? thanks
https://www.jollyfrogs.com/jollyfrogs-pedantic-guide-to-pivoting-part-1-ssh-local-port-forwarding/
Spoiler Removed
For the ssh part some option was already mentioned in this post.
php cannot be executed from a home directory… (standard apache security) / what extensions can your browser read.
Type your comment> @r4w47 said:
@whysohard said:
any hints about how to tunnel to high port ? thankshttps://www.jollyfrogs.com/jollyfrogs-pedantic-guide-to-pivoting-part-1-ssh-local-port-forwarding/
@r4w47 Thanks !
I can see user.txt but cannot get permission, need help with getting user creds 
Got priv esc working in my lab now, but I think the system is unstable (get some broken error). I try again when less others are busy. Nice lessons learned till now.
YES rootdance… Thanks to the maker for this nice work.
It is wise to create an own lab to test the final step to root. Google on the a-g thing with MITM did help me.
Type your comment> @ecdo said:
Also stuck on root. Got shell as w**--**** and found the a-g thing. I am able to route the a-g thing through my machine. I have setup my own r***y, but how can I exploit without a good sign. There is a thing with a-g recently, but this one is updated already. Any hints? What are good docs to move forward?
Kind of stuck in the same situation here… After the initial enumeration the promising attack path but it seems the machine is hardened against “quick win” options. I then looked into a recent vuln but the version installed seems to be patched against this. The same info that leads to the attack path suggest that some settings can be used to my advantage and I was indeed able to serve something, but I encountered the same bad sign of yours.
The name of the box and some settings suggest that I should act more on the machine itself, but the few ideas I have to exploit this lead me to hitting walls.
I think I can’t be more specific without spoiling too much, but I hope someone could point me towards some useful resources to move on. If anybody is available to discuss my attempts I can be more specific in Pvt
Thank you!
im stuck at the first step of the root can any one PM with any hint please
YES rootdance… Thanks to the maker for this nice work.
It is wise to create an own lab to test the final step to root. Google on the a-g thing with MITM did help me.
Type your comment> @r4w47 said:
@whysohard said:
any hints about how to tunnel to high port ? thankshttps://www.jollyfrogs.com/jollyfrogs-pedantic-guide-to-pivoting-part-1-ssh-local-port-forwarding/
Having issues tunneling, I don’t believe it’s a syntax issue because I can use sftp creds (from sign in page) but get "administratively prohibited: open failed” when trying to access the page.
I get permission denied with o**-a**** user and cracked password from swp.
Is there another user I should be looking for?
EDIT: yup was unable to get it going with the above user, but I’m now tunneled in with straight forward creds with right options 
Can anybody help me upload a plugin shell? I’ve been using curl and the webpage itself for hours by changing constantly the path invoked, but the best I can get is a 404…
I read the relevant source but still not figuring this out
Thanks in advance.