Swagshop

So, update:

Uploaded the reverse shell but I’m basically stuck. Taking a look at the whole system and found a couple of ssh keys but nothing more. Any hint?

Feel free to PM me, as always!

Rooted! Nice and easy.

So I know what the way into the admin panel is, and what it does etc. I’m pretty sure I know what to do once on there too. I thought the exploit was working (because it says it did the thing) but it wasn’t actually working. I’ve been on the admin panel because I know what the login was supposed to be, but I don’t want to piggyback onto someone else’s stuff.

However, I can’t figure out where to point the exploit to, or if there’s also something else I have to change in it? (There’s a certain commented line I’ve been staring at.) I’ve tried many, many different paths, many of which make it say it worked lol. So yeah, I’m pretty stuck.

Any pointers?

Hi, I’m at the beginning of HTB. Could someone send me some help to get usr and pass?

Hey! I tried the SwagShop challenge but wasn’t able to crack it. Kindly help me with this. @sarange

@Vaibhav0210 said:

Hey! I tried the SwagShop challenge but wasn’t able to crack it. Kindly help me with this. @sarange

If you have done some recon and didn’t get anywhere, PM me with what you found and I will try to steer you in the right direction :wink:

220 reset today at this time … please stop

Compulsive resetter … i hate you !

I am grateful that I found a no-reset window and rooted the box. May the 501s be with you on that.

I have found the admin panel, and user/password, but I haven’t found any working way to RCE and get a remote shell. Please could you PM

Can someone please remind me how we can get the “file system” menu to appear again in the admin system menu … I reset the box, it has disappeared and now I cannot get it back, stuck for 2 hours !!! grrrrr

I observe the extension file system is deleted every time the machine is restarted, however the plugin that I am installing does not allow me to modify any php file. Any help?

Is it just me, or does the box seem to go down immediately? Every time I’ve tried this challenge, the box is already down/crapped out or does so soon after I start.

Just now, I restarted the box (us-free-1), accessed the webapp, and after clicking through one page I get nothing but blank responses from the webapp. I wasn’t doing any scanning or anything.

Maybe someday I’ll get to try this one out…

From talking to people it seems there are a couple ways to pop a shell on this box? I got root and now I wanna learn how everyone else got their shells. PM me to share the knowledge

Agh god I am so unfamiliar with Magento. Stupid question. Got admin access, now how the heck can I edit a .php file to fire my nc php shell? Is there an editor or something?

Hello, can someone help me with the initial foothold? I’m stuck there :c

@MrSquakie said:

Getting tons of DMs here on root. The thing you see but get prompted for a password, the space isn’t a delimiter, that is all one command.

This is the best privesc advice in this thread. I feel like an idiot.

Rooted!
What a pain in the ■■■… resetting it like ■■■■.
For user: everything is in your hands, just get the exploit and get into the admin panel… and you will get a reverse shell in no time… but may the 503 be with you… just because of 503 I hadn’t got the exploit the very first time.

For root: if nobody resets the machine you will get root in very little time… I mean just after watching the LinEnum report… you should get the root shell.

@kr4mpus said:

@MrSquakie said:

Getting tons of DMs here on root. The thing you see but get prompted for a password, the space isn’t a delimiter, that is all one command.

This is the best privesc advice in this thread. I feel like an idiot.

That gave me a win

Rooted.
Not a very complicated but interesting box. Realistic scenario.
Thanks to the creator.
User: for those who follow the connect path, do not forget to uncheck Maintenance mode.
Root: don’t need any tools. A classic privesc with v…

Well, I wish I knew how to get started, this is my first webapp I enumerate. Maybe someone is willing to help me with some good sources to get started. Much appreciated. :slight_smile: Just PM me