First attempted box ever since I figured it’d be the easiest currently active. Stuck on www-****. Can’t seem to find anything useful. Would really appreciate some help. PM please
@awarkozak You’re further than I. I have a prompt that literally won’t let me do anything…not even cd /tmp, ls, nada.
Oops, actually, just forgot to try with the /login.php at the end 
@awarkozak said:
First attempted box ever since I figured it’d be the easiest currently active. Stuck on www-****. Can’t seem to find anything useful. Would really appreciate some help. PM please
You need to use a combination of ls and cat around the place you have landed. The information you need to progress is pretty much at your feet there.
Ignore the millions of shells. Look for interesting files and folders which may hold configuration information for a system and then remember people reuse passwords.
@6062055 said:
@awarkozak You’re further than I. I have a prompt that literally won’t let me do anything…not even cd /tmp, ls, nada.
Oops, actually, just forgot to try with the /login.php at the end
Nice one on resolving that.
If you are using an RCE, dont try to cd - you will get frustrated. RCE is not a shell and you absolutely do not need a shell for this stage.
@TazWake said:
@awarkozak said:First attempted box ever since I figured it’d be the easiest currently active. Stuck on www-****. Can’t seem to find anything useful. Would really appreciate some help. PM please
You need to use a combination of
lsandcataround the place you have landed. The information you need to progress is pretty much at your feet there.Ignore the millions of shells. Look for interesting files and folders which may hold configuration information for a system and then remember people reuse passwords.
Wow I hate myself. Found the credentials for user1 hours ago but only attempted to login with user2. Thanks for the push, made me retrace my steps. My true newbie colors are shining through at the moment. I’ll get there eventually
can someone give me hint i get the user1 j***y but cannt get the user2 can someone give me hint?
@0xstain said:
can someone give me hint i get the user1 j***y but cannt get the user2 can someone give me hint?
Enumerate your user fully, find out if something groups the two users together. Find things they might both be able to access. Read them, exploit them.
Is the user ji*** supposed to have a user.txt?
@TazWake Thanks. Now, I’m stuck on user2, and pretty sure it’s something to do with that program under their share folder, and even has part of the exploit in a file, but it’s not working. It gives me a shell, but it’s the same privilege. Also, I thought that user had sudo, but I guess not…none of the passwords work. Seems like I’ve tried every one of the exploits in GTFOBins, for that program.
Did you already get root on it?
@01ph0rie Oh, sweet, thanks 
…will give it a shot.
Oh, wait, was that just to show me that user can use that program with sudo? That’s what I’ve been trying, but it’s not working.
@6062055 said:
@01ph0rie Oh, sweet, thanks
Oh, wait, was that just to show me that user can use that program with sudo? That’s what I’ve been trying, but it’s not working.
Not sure if you’ve cracked this yet, but if you are still struggling, chances are you’ve misread it and are trying something it doesn’t allow you to do.
Ok now that I finally rooted this machine, here are my thoughts:
Lessons Learned
Overall
- If you’ve got some creds that you think should work but don’t, reset the box and try again. Some people are changing the user creds to block others from connecting - this happened to me multiple times, not sure if this is being done maliciously, or as a defensive mechanism, or what. It’s really annoying. Don’t do this.
Initial foothold
- Make sure you use a trailing ‘/’ for the exploit script!
User 1
- There are many ways of spelling “password”!
- ls and cat are effective tools for enumeration if you’re only checking a few places
User 2
- If johnny isn’t rocking your world, make sure your command line args are correct (–arg=/some/path, not --arg /some/path)
Root
- It was the obvious thing, but at first I didn’t understand the format of the command. Each line is a single command, not multiple commands separated by whitespace.
@01ph0rie , @TazWake : The shell pops up, but it’s just the same privilege, same user. So, I see how ‘sudo -l’ shows the program, but that’s what I’ve been trying the whole time. I’ve tried every method on GTFOBins, so now I’m wondering if I’m totally off, or what.
If I run sudo -l, and it shows I’m supposed to be able to run the program with no password, I don’t get why it’s prompting me for a password when I try to sudo the program.
EDIT: …still can’t figure this out, after few more hours messing with it. I don’t understand, why sudo isn’t working when it says NOPASSWD. I don’t see how the GTFOBin method is supposed to work without sudo. I’ve tried it without sudo a hundred times now. Anyone else still messing with this? Does anyone have user2 cred’s, for sudo? Maybe I’m missing some cred’s. Someone mentioned some mysql cred’s. I haven’t seen them, but not sure if I need them, either.
help getting the root, im currently user 2, just pm me. Thanks
Stuck on user1. Got lost somewhere and found myself digging through the database for info which I’m certain is the wrong path.
Thought I found the right info in m***.p file within the i****l directory but having trouble gaining what I need to from it.
@6062055 maybe you don’t need a Shell?
Think of nano, what can you do with it, what shortcuts can you use.