Tastro , I have managed thanks to some hints, it is really one of those that you need to go step by step removing barriers. There are many ways to get it.
For instance one thing that is key is to realise the difference between the info endpoint of the docker image and the info endpoint of the htb site. This will give you the first part where to look.
Tastro , I have managed thanks to some hints, it is really one of those that you need to go step by step removing barriers. There are many ways to get it.
For instance one thing that is key is to realise the difference between the info endpoint of the docker image and the info endpoint of the htb site. This will give you the first part where to look.
Comments
Oops "Allowed memory size of 134217728 bytes exhausted"
hint, anyone?
I got shell, but I can't read the flag due to open_basedir restriction, any idea?
I have the feeling that I'm missing something.
Thanks!
Reach me on Discord: n3b0r#2873
pm me, maybe I can help you!
Type your comment> @p4w16 said:
Done! Thanks man
Reach me on Discord: n3b0r#2873
So, i need help on this
. I am not sure where to continue. I'm so lost!
1) I see the decs and i can read somethings
2) I can't get any shell (not even a clue what shall i google that could help)
3) I have read the code, not sure if it is a problem in fpm/nginx or in the code itself
I believe the issue must be similar in imagetok. I just lack the knowledge of what i need to search for.
I seem to be stuck at this one..
Just to make sure, do you need to exploit/use multiple endpoints to get the shell?
Tastro , I have managed thanks to some hints, it is really one of those that you need to go step by step removing barriers. There are many ways to get it.
For instance one thing that is key is to realise the difference between the info endpoint of the docker image and the info endpoint of the htb site. This will give you the first part where to look.
@nadid said:
Thanks, that's a good hint! Got shell now!
Finally got the flag! It was hard but I loved it. If someone need help pm me.
I am able to execute PHP commands but still unable to get shell due to disable_functions. Any hints how to bypass this?
any hints for how did you get the shell is there any hidden directory where there is a file upload or something?
This was a great challenge, loved it!
Hints to those stuck:
I need a hint on the last piece of the puzzle.
Please, DM me to discuss about how to go from PHP RCE to native RCE.
I tried a few known paths, including the f*m s****t, b****s d*****e f*******s and custom e*******n. But no luck.
I'm totally stuck right at the beginning. I have found one vuln, but was not able to get anything out of it.
Anyone willing to help?