Swagshop

cRANIUM1208 · July 5, 2019, 8:31pm

Type your comment> @daxorid said:

Trying harder to understand how everyone is finding the admin panel. Neither directory enumeration nor analysis of all the exposed xml config files is turning up an admin uri for this box. Is everyone talking about the connect manager uri and just calling it admin?

Search the web for help pages on setting up magneto, you’ll soon find what page you’re looking for.

Fighter81 · July 5, 2019, 8:36pm

As someone stated before the hardest part is user, root is basic old school, thanks for creating this machine, i learned much about package creation…Thanks

kaosneverdied · July 6, 2019, 5:06pm

Almost everything seems to have gone dead including the site’s front page. I get 503 ‘service temporarily unavailable’ though I can still ping the box and its up. Anyone else getting them same / know why this has happened?

syicoma · July 6, 2019, 7:08pm

Type your comment> @kaosneverdied said:

Almost everything seems to have gone dead including the site’s front page. I get 503 ‘service temporarily unavailable’ though I can still ping the box and its up. Anyone else getting them same / know why this has happened?

Please resetting the box. it is a pain for sure

cRANIUM1208 · July 6, 2019, 10:42pm

cant seem to get my syntax right for the priv esc… keep getting prompted for a password no matter what argument i use…

Can i get a nudge via pm please ty

xenofon · July 6, 2019, 10:55pm

hey guys some help plzz??
i have entered in the admin panel , and in to the m***** co***** ,but i can not figure out how to upload a file ,i saw the upload section but dont know what file to upload
thanks

syicoma · July 6, 2019, 11:02pm

Type your comment> @cRANIUM1208 said:

cant seem to get my syntax right for the priv esc… keep getting prompted for a password no matter what argument i use…

Can i get a nudge via pm please ty

look at the privilege path where you are allow to run from

Hvts3rk · July 7, 2019, 7:49am

Guys it’s so frustrating. I’ve been trying for three days but nothing to do. […]

UPDATE: User gotcha! Now what about PrivEsc? I used L.E. what should i see? (this is my first privesc)

juggydancesqd · July 7, 2019, 1:24pm

Finally managed user after a bit of a push in the right direction from @83114C140

Onwards and upwards to root!

RLawlor32 · July 7, 2019, 7:28pm

Would someone please mind explaining what to do at admin screen. I got the RCE part. Good lord. Now im completely stuck.

kaosneverdied · July 7, 2019, 7:58pm

I’m in the M****** C****** M*******. Trying to get user. Everytime I try to upload a script to get reverse shell everything goes 503. Drowning in Magento documentation trying to figure it out. I’m probs missing something obvious. Anyone willing to DM me a nudge in the right direction?

kwl6b776c · July 7, 2019, 8:43pm

Finally owned the machine. It`s my second active machine owned, therefore I am very happy. It took me couple of hours to made it. I have to admit that i had to take a look at google to find out some things connected certainly to Magento Platform, but I think I made the machine almost by myself

I have stucked at some stages but reading this topic helped a lot, especially in not wasting time on some scripts

DM me for hints if you want. The box was great fun.

Hvts3rk · July 7, 2019, 8:49pm

Type your comment> @83114C140 said:

Guys it’s so frustrating. I’ve been trying for three days but nothing to do. […]

UPDATE: User gotcha! Now what about PrivEsc? I used L.E. what should i see? (this is my first privesc)

2 entire days but it’s gone! Finished! I liked this, we need more real-life machines!

t00thl3zz · July 8, 2019, 3:34am

Guys I think I got everything to get root, but I don’t get a tty shell, is it really needed? Any help would be appreciated.

CrystalSage · July 8, 2019, 12:10pm

Rooted ! What a fun box !

kaosneverdied · July 8, 2019, 5:24pm

Type your comment> @joshkor40 said:

Type your comment> @UIDEQUALSZERO said:

is anyone getting the following error with one of their exploits today?

tunnel = tunnel.group(1)
AttributeError: ‘NoneType’ object has no attribute ‘group’

It was working fine for me yesterday and I changed the parameter accordingly, PM me

Same here bro!

Did you work a way round this?

alephsur · July 8, 2019, 8:56pm

Hello, i have a problem with the machine. I have the access for the root file but it has not the key. It only show me a message with a draw and a message telling me to join to hackthebox.store using the flag as password, but there isn’t any flag. Do you have any hint to solve the problem.

stabilo · July 8, 2019, 11:11pm

Stuck on root, have a low-priv shell and I know what I can run as root in the folder, but spawning a shell seems to still be as a low-priv user.

EDIT: Rooted! Sleeping through the night and starting with a fresh mind helped a lot

ekka · July 9, 2019, 11:01am

@dm7500 said:
So I got user, but I’m stuck in a w…-d… shell, with no tty. LinEnum shows me the path to root, but I can’t run anything as su because I don’t have tty. I’ve tried Python, but it’s unavaliable. I can run bash -i, but it still doesn’t give tty. I’ve tried uploading socat, but no go on running the executable either.

Any help?

EDIT: Rooted! Just because your favorite TTY shell upgrade doesn’t work, doesn’t mean a newer version won’t
this.

idna · July 9, 2019, 11:09am

Type your comment> @alephsur said:

Hello, i have a problem with the machine. I have the access for the root file but it has not the key. It only show me a message with a draw and a message telling me to join to hackthebox.store using the flag as password, but there isn’t any flag. Do you have any hint to solve the problem.

Are you sure about that?