Anyone else not have cd available for code execution?
@rootshooter Despite the $, you’re not in a shell. You’re just executing commands on the server. The creator of the exploit added the $ for aesthetics. If you want a shell, you’ll have to work a tiny bit harder 
EDIT: You don’t actually need a shell to get to the next step, but sometimes it’s easier to navigate around.
I am stuck and need a push in the right direction. Can anyone who would like to help a beginner PM me?
@jshepherd said:
I am stuck and need a push in the right direction. Can anyone who would like to help a beginner PM me?
It depends - have you tried the hints already in this thread?
@rootshooter said:
Anyone else not have cd available for code execution?
You do have cd available. It’s just that with an RCE, each time you run it, its a new exploit so it starts back in the first location.
You can, however, use cd /path/to/folder;ls perfectly well. It is just much easier to use ls /path/to/folder in the first place.
I have got user jy and I have seen some things in il folder but cant find the creds to use there. Any hint plz
@dotto said:
I have got user jy and I have seen some things in il folder but cant find the creds to use there. Any hint plz
Have you looked at these?
(there are lots more in the previous 29 pages of this thread)
Hey guys. I got the .sh to work and now have www-**** usr but I can’t move dirs when I try to cd it does not let me I can cat the files around me but can’t move dir is there something i’m missing with the script or am I just dumb?
@awakengaming83 said:
Hey guys. I got the .sh to work and now have www-**** usr but I can’t move dirs when I try to cd it does not let me I can cat the files around me but can’t move dir is there something i’m missing with the script or am I just dumb?
Scroll up just a little bit.
uid=0(root) gid=0(root) groups=0(root)
root@openadmin:~#```
pm me for hints without spoilers.I have got user jy and I have seen some things in il folder but cant find the creds to use there. Any hint plz
Have you looked at these?
OpenAdmin - #16 by Jacker31 - Machines - Hack The Box :: Forums
OpenAdmin - #41 by lukeasec - Machines - Hack The Box :: Forums
OpenAdmin - #81 by sicxnull - Machines - Hack The Box :: Forums
OpenAdmin - #145 by CrystalSage - Machines - Hack The Box :: Forums
OpenAdmin - #162 by Str0ng3erG3ek - Machines - Hack The Box :: Forums
OpenAdmin - #170 by t3ngu - Machines - Hack The Box :: Forums
OpenAdmin - #178 by MicrowaveOven - Machines - Hack The Box :: Forums(there are lots more in the previous 29 pages of this thread)
Honestly, these are the best hints. Nice of you @TazWake to put these together.
Anyone able to help me ge the ruddy .sh working? Its beyond my limtied bash knowledge, probably something really daft.
@EvilMonkee said:
Anyone able to help me ge the ruddy .sh working? Its beyond my limtied bash knowledge, probably something really daft.
You need to give it the target address. If you just run filename.sh it won’t do anything other than give you a prompt to trick you.
Either give it the target as an argument or edit the file to add it.
Yep, did that. Tried filename.sh 10.10.10.171 as well as http://10.10.10.171. Still missing something am I?
@EvilMonkee said:
Yep, did that. Tried filename.sh 10.10.10.171 as well as http://10.10.10.171. Still missing something am I?
Yes. If you type that into your browser, does it take you to the vulnerable page?
Ah so Ineed to append /o** on the end?
Got it. dos2unix sorted the issue (maybe) either way it works now
Spoiler Removed
First root very fun. No better feeling than seeing that root flag