Swagshop

HTB Content Machines
182

And rooted ! If you need help PM me

183

any way of getting around the 503 errors know what the exploit is to get an initial shell but errors getting in my way arrrgh…

184

Can someone help me with priv esc? i know what i am supposed to do but i keep getting prompted for the user password when running s*** v* and i shouldnt be

185

@badman89 said:
any way of getting around the 503 errors know what the exploit is to get an initial shell but errors getting in my way arrrgh…

If you already have your initial shell, create a loop to delete the maintenance.flag file from swagshop’s web root directory while you work on your privesc. That would give you peace until someone decides to reset the box. (hint: the 503s won’t matter anymore once you have your initial shell. Actually it still matter because other users would reset the box when they cannot get into the Admin Panel.)

Some people are uploading their shells in a way that would cause M****** to be put in maintenance mode. Some are editing the index.php file.

If your research tells you to edit the index.php file, please move on and look for another way. It would save you and other people from the hassle.

186

ok cheers @Thomasian , seems to be ok now ive moved server! any hint on where to get the file i need to upload have one but says connect error unsupported resource type

187

Type your comment> @p0wn3y said:

Can someone help me with priv esc? i know what i am supposed to do but i keep getting prompted for the user password when running s*** v* and i shouldnt be

Are you authorized to run the binary as root anywhere?

188

@badman89 said:
ok cheers @Thomasian , seems to be ok now ive moved server! any hint on where to get the file i need to upload have one but says connect error unsupported resource type

Uploading through M****** Con**** might put it into maintenance mode. I did not upload my shell there. I am not saying you can’t do it there but there is an easier way to upload you shell without creating your own extension package file for your shell.

189

i tried copying the binary to where i am allowed to run it and its still doing the same

190

Type your comment> @mogyub said:

Type your comment> @Tepidangler said:

Type your comment> @sornram9254 said:

Stuck in 503 many times. ?
Please exploit carefully. ?

I’ve come to find that’s actually supposed to happen :wink:

This is misleading, you can root this box without causing a 503.

im interested to hear how you did it, the only vector i saw involved adding some stuff so you can access some other stuff

191

Root!!! thanks for the help everyone, PM me if you need help.

192

done, thanks @SiV4rPent3st for that slight yet crucial nudge in rooting :slight_smile:

Alright, tips;

user:
pretty straightforward, find exploit and use it, it needs some tweaks tho, read its comments in the code - they tell you what you need to supply.
afterwards you need to install certain thing if you don’t know what the ■■■■ I’m talking about - youtube has several clips about it and one of them is actually in english :slight_smile: just search for the app name and what you would like to do to it.

root:
funny, it’s easier than user but it’s the user that was easier for me…
just run linenum and you will see it - it stands out like a sore thumb :slight_smile:

if the comment is too revealing please let me know, I’ll edit

oh, and one more thing;

for god’s sakes, do NOT edit the index.php, think about it - if you do that, you ruin the whole website, and getting root requires several steps, it’s so upsetting having to redo them all after getting a 503…

193

Is it possible that the box was changed a bit ? Or maybe my yesterday update of Kali changed something in Python libraries ?
Simply, one script which worked perfectly when I did the box is no more working. And not only for me, three other peoples tried it and yesterday script worked, today no. On various labs, including the vip box.

194

Type your comment> @UIDEQUALSZERO said:

is anyone getting the following error with one of their exploits today?

tunnel = tunnel.group(1)
AttributeError: ‘NoneType’ object has no attribute ‘group’

It was working fine for me yesterday and I changed the parameter accordingly, PM me

yes, i am facing the same issue . it worked fine till yesterday night

195

Type your comment> @WhiteVoid said:

Type your comment> @UIDEQUALSZERO said:

is anyone getting the following error with one of their exploits today?

tunnel = tunnel.group(1)
AttributeError: ‘NoneType’ object has no attribute ‘group’

It was working fine for me yesterday and I changed the parameter accordingly, PM me

yes, i am facing the same issue . it worked fine till yesterday night

I’m getting the same…

196

Type your comment> @PavelKCZ said:

Is it possible that the box was changed a bit ? Or maybe my yesterday update of Kali changed something in Python libraries ?
Simply, one script which worked perfectly when I did the box is no more working. And not only for me, three other peoples tried it and yesterday script worked, today no. On various labs, including the vip box.

I’m having the same issue on VIP as well, regardless of the many box resets.

197

Yes I am getting same error too

198

Has someone been changing passwords?

199

Type your comment> @halligan said:

@hxmo US VIP was very stable. I had shell for the last hour or so with several stupid CTRL+C moments requiring me to re-exploit.

lucky you… EU VIP is horrible cant even login with the correct creds

200

Type your comment> @WhiteVoid said:

Type your comment> @UIDEQUALSZERO said:

is anyone getting the following error with one of their exploits today?

tunnel = tunnel.group(1)
AttributeError: ‘NoneType’ object has no attribute ‘group’

It was working fine for me yesterday and I changed the parameter accordingly, PM me

yes, i am facing the same issue . it worked fine till yesterday night

Getting the same error - script worked fine before.
Something must have changed?? Anyone?

201

This is horrendous. Reset every minute. 503s all over the shop