Let’s talk about Trickster. Please do not share any flags or writeups.
A medium-difficulty Linux machine, solvable in 2-3 steps.
The creator of the machine is EmSec.
This season, he has created two machines, Sightless and Infiltrator. Both are well-crafted challenges and you can find plenty of hints on our forum.
2 Likes
Found Subdomain shop. and .git directory with some kind of hash and maybe a user account.
There are many exploits for prestashop but couldn’t enumerate the version so far.
version is 8.1.5 but i’m still searching for something useful
can you tell me where did you find the hash?
exploring the .git directory and contents
shop subdomain contains .git use git-dumper you will find a weird directory go to it
can someone help locate the hash i did find a hash but i don’t think it’s correct
Follow this blog post to get initial foothold.
After cloning the repo, you need to modify every file, like ip addresses as yours and URLs. Otherwise you won’t get a shell.
And lastly, copy the reverse_shell.php into to malicious theme zip file.
2 Likes
Also you need to locate the admin panel direction from .git files and edit the exploit payloads.
1 Like
I am trying to crack database hashes for users including adam, admin and few more. but no success for now.
can you give me a hint on how did you find them
i’m talking about the admin panel hash and thanks in advance
Did you get a shell?
After getting just connected to mysql.
no i’m still in .git trying to find a hash
Use this carefully
1 Like
Hash cracking is successful.
For user flag, crack the db hash of james. It took some time. Be patient.
1 Like
can you please give me hint for the mysql, i didn’t find any creds
check the tables ps_customer and ps_employee
no i mean i can’t even connect to mysql tried all creds possible like root toor admin no password found my linpeas didn’t find any creds, also i checked mysql folder no conf file