OpenAdmin

Can someone give me a nudge? found a possible R** for ON***N. just want to check i’m not off down a rabbit hole.

@GreyHat86 said:

Can someone give me a nudge? found a possible R** for ON***N. just want to check i’m not off down a rabbit hole.

Should give you a shell so no rabbit hole.

Low level shell acquired. Working on user now, any hints appreciated!

Need a nudge? Just let me know and send me a DM

Almost everyone is having issues getting the user shell.

Can anyone dm me what to do with www-data shell?

@Warlord711 said:

@GreyHat86 said:

Can someone give me a nudge? found a possible R** for ON***N. just want to check i’m not off down a rabbit hole.

Should give you a shell so no rabbit hole.

Nada… I’ll check my syntax over, I’ve tried the payload after plodding through pages in burp, a script and a curl command.

couldn’t get an interactive shell after sending a net*** command via b***. any nudge? got a low level shell but nothing works inside.

Spoiler Removed

Fun box. Root was maybe way too simple?
Small hint for the initial shell, since it’s a new box - just do it manually.
DM if you’re stuck and need a little nudge

seems like someone left end part open - there for www-data :stuck_out_tongue:

User and root owned

I seem to have found the vulnerable service and found the exploit. Could anyone DM me a hint for the initial foothold please? I’m not sure I’m understanding the exploit.

Ok, got user+root after Proventus post. Sometimes you fail to check the most obvious stuff…

Nice box, thanks @dmw0ng ! Was expecting an easier path to user but it definitely was fun to do. I may have overcomplicated some steps along the way though :))

Plenty of hints given here. PM for nudges.

I keep running the 4****.sh script but I get a non-responsive $ shell. No matter what I type I get no output and a $. I’ve tried to pop a shell from it, but python, nc, and bash shells haven’t worked. Help or a hint as to what I’m doing wrong would be appreciated.

@ZeWanderer said:

I keep running the 4****.sh script but I get a non-responsive $ shell. No matter what I type I get no output and a $. I’ve tried to pop a shell from it, but python, nc, and bash shells haven’t worked. Help or a hint as to what I’m doing wrong would be appreciated.

Try doing the request manually instead of using the script.

Rooted
PM for help

Rooted. Hints:
Foothold: Fuzz then google, very fast ‘shell’
User: Pretty simple enumeration, I overthought it. Once you’ve got it, fix it so it works for others.
Root: Very easy, very CTF-like.
Overall first part of the box was easy but fun, root could’ve had some more work.

Got user so far. started low priv with msf

won’t have to go far to find the first step. to get to the second, i did a little forwarding to access the private server. Then with a little decoding and your good friend john, you should be able to get to user.

Working on Root.