Swagshop

PavelKCZ · May 12, 2019, 12:52pm

Nice box, finally rooted.

mpzz · May 12, 2019, 3:25pm

Type your comment> @IgorLB said:

Exploit is correct) Try another source to download it.
Thanks for the box.

I’m feeling so stupid rn. I had this exploit from the beginning but didn’t bother reading the code. Just read the exploit code and now I’m one step away from user. Thanks for the pointer <3

Ap3x · May 12, 2019, 3:57pm

I’m getting a 503 is Magento down for anyone else?

valkyrix · May 12, 2019, 4:04pm

Type your comment> @Ap3x said:

I’m getting a 503 is Magento down for anyone else?

been getting that all day, about 1 minute after a reset it comes back. I assume someone is constantly bricking it.

sarange · May 12, 2019, 4:07pm

Nice box, I enjoyed it. But I have to say it. Why do people upload their reverse shell in index.php? It’s kinda stupid tbh, you stop everyone else and, of course, other people will reboot the box so your shell will die. Anyway if someone wants any hints, pm me.

mpzz · May 12, 2019, 4:34pm

wow finally got root.
Here are some hints:
User: There are many exploits out there but only one will work which needs a very small modification, so be sure to check the source code and try
Root: ezpz. everything is in front of your eyes.
That’s all. May the 503 and resets be with you!

sarange · May 12, 2019, 4:45pm

Type your comment> @mpzz said:

That’s all. May the 503 and resets be with you!

^^ THAT

0xs4m · May 12, 2019, 5:25pm

not sure if ive found creds for magento admin, seems to be a key and a password for the login, not coming up with any format that i can use the key aginst the password to decrypt it though, any advice?

MarkHalberstam · May 12, 2019, 5:50pm

Still trying to get a user shell. Can I PM someone with what I’m currently doing to see if I’m on the right track?

ZeroFlagsGiven · May 12, 2019, 6:09pm

Type your comment> @MarkHalberstam said:

Still trying to get a user shell. Can I PM someone with what I’m currently doing to see if I’m on the right track?

Gimme a shout if you still need help verifying

idealphase · May 12, 2019, 6:17pm

Pwned the box! Thanks, @ch4p for great Linux box. I’ve Learned a lot about Magento in the initial foothold! Feel Free to PM me If you guys got stuck. The PrivEsc part is easy one.

zauxzaux · May 12, 2019, 7:15pm

Can someone dm me about s**o problems?

zauxzaux · May 12, 2019, 7:25pm

nvm; i wasn’t understanding syntax… smfh lol awesome sauce

zweeden · May 12, 2019, 7:59pm

Type your comment> @zauxzaux said:

nvm; i wasn’t understanding syntax… smfh lol awesome sauce

SAME! lol. I read it as if it was delimited -_-

noobsaibot81 · May 12, 2019, 8:25pm

Hey, folks, I’m new. Somebody could give me a push to get started.

Greetings

Spenge · May 12, 2019, 8:29pm

Type your comment> @noobsaibot81 said:

Hey, folks, I’m new. Somebody could give me a push to get started.

Greetings

Load up nmap and do a scan of all ports and services running on these ports.

thewildspirit · May 12, 2019, 8:56pm

i have a script that i run yesterday and it worked, now i run it, it says it works but i cannot login. Please someone pm and tell me what im doing wrong!

ZeroFlagsGiven · May 12, 2019, 9:01pm

Type your comment> @thewildspirit said:

i have a script that i run yesterday and it worked, now i run it, it says it works but i cannot login. Please someone pm and tell me what im doing wrong!

Chances are you used it and didn’t really work… Even though it reports it did. And someone else used it (after modification)and it worked correctly, and by chance you got in with the same creds.

N0rm · May 12, 2019, 9:14pm

@DameDrewby tell me about script i don’t find cred wtf???

Ap3x · May 12, 2019, 9:27pm

Need help with priv esc. Someone please message me.