Canape

1567810

Comments

  • @hahcaptain said:
    Tring to get user, An one way I'm trying is using the DB, yes I have got the DB permission, and I'm trying to use some exp scripts to get the user permission. however, I'm stuck at this process. I just want to know am I right ? Took me a week ...

    If you have got the DB permission, I think you should utilize ALL DATA from DB.

  • anybody can pm for the first step?

    Raouf09

  • @rocux said:
    @Erbooo treat them as one. You cant just bypass it.

    finally find one works fine . Thanks~

  • @raouf09 said:
    anybody can pm for the first step?

    pm me we can do it together

    Hack The Box

  • @prajwal15 said:
    I can get reverse shell locally. But with same payload i am getting 500 error on the canape server. Can someone give me a hint??

    Same here... I took a few days off to reset myself but I'm wondering if the issue might be... 1) the particular thing I'm trying to set up to listen is not installed 2) may be a multi part payload required to write a file then execute it? or 3) I'm out to lunch all together lol but I do get an appropriate response when non malicious input is given then checked so I feel like I'm one small step away

  • I finally got shell after about a week. The "hints" on this forum were kind of misleading. I'd say very carefully examine what barriers you think exist when you start getting the 500 error messages. Use Python to send your requests to avoid stupid human fingers.

  • First part of this box is a little bit hard, even with the possibility to see it closer! Second part is funny. Third part is a flash.

    I have learned a lot with this machine, and it's updated .. the first vulnerability makes part of the OWASP 2017, and the second part, I never used and never thought that would exist... i mean CanapeDB :smiley:

    If anyone need an hint or redirection, feel free to pm me.

  • i got user flag but need some hint for priv esc

    Raouf09

  • Nvm i got the root

    Raouf09

  • Got into box, got into user, but can't seem to get root. Can someone dm with some hints? Thanks

  • @xtech said:

    @it4chi said:
    I am logged in as user any hints on a stable shell?

    python -c 'import pty;pty.spawn("/bin/bash")'

    that trick saved my day, thank you indeed :)

  • For user,
    1) Need python knowledge and a bit of creativity to get Remote Command Execution (I think this is the hardest part)
    2) Use RCE to get minimal shell then use the command posted by xtech to get bash shell
    3) Research on a service running there and two very well known vulnerabilities in the version running, that will give you elevated access to the service
    4) With elevated access, check all data that you find and one of them will get you user

    For root, check what you are allowed to do with elevated privilege and then find well known methods to use the operation to get privilege escalation

  • edited September 2018

    anyone available? stuck on getting a shell. i can RCE but it drops the reverse shell

    edit: rooted. not bad this one. Thanks to @iVirus

    Hack The Box

  • edited September 2018

    Great box! Rooted. If you want a non-spoiler nudge then PM me.

  • So I'm in the same boat as several others when it comes to getting an initial foothold / rce using p****e. I have a working payload WITHOUT the name in the whitelist but I can't seem to work it into the payload without breaking it. Any hints / pm would be greatly appreciated!

  • @0xJDow said:
    So I'm in the same boat as several others when it comes to getting an initial foothold / rce using p****e. I have a working payload WITHOUT the name in the whitelist but I can't seem to work it into the payload without breaking it. Any hints / pm would be greatly appreciated!

    I know you feeling

  • Okay guys, I got a local address for couch but I can't seem to connect to it with a payload, do I have to create an instance of that localhost on my machine?, am stuck here,any hints please
  • Hello guys, i have tried everything i can, i have mirrored the git repo to my localhost and tried using a python payload to connect to the db but still not working, really out of ideas, hints will be appreciated thanks

  • edited September 2018

    Whoo man, I am super stuck on the payload for this one. Still no luck :dizzy:

    Fibbot
    OSCP

  • Hello. I got www-data shell, but stuck on priv esc. Can someone give some hint?

  • @1m0s said:
    Hello. I got www-data shell, but stuck on priv esc. Can someone give some hint?

    Did u see the db?

    sckull

  • @1m0s said:
    Hello. I got www-data shell, but stuck on priv esc. Can someone give some hint?

    Got user flag.

  • @1m0s said:

    @1m0s said:
    Hello. I got www-data shell, but stuck on priv esc. Can someone give some hint?

    Got user flag.

    and root (even easier).

  • edited September 2018

    Hi,
    Can anyone give a hint? Yesterday, I was able to get initial shell but right now I'm getting 400 error. I've reverted the machine but still no success.

    Update: Finally got it.

  • @iVirus said:
    For user,
    1) Need python knowledge and a bit of creativity to get Remote Command Execution (I think this is the hardest part)
    2) Use RCE to get minimal shell then use the command posted by xtech to get bash shell
    3) Research on a service running there and two very well known vulnerabilities in the version running, that will give you elevated access to the service
    4) With elevated access, check all data that you find and one of them will get you user

    For root, check what you are allowed to do with elevated privilege and then find well known methods to use the operation to get privilege escalation

    Finally got root today, thank you iVirus - this tip was very helpful. pm me if you need a nudge.

    Hack The Box

  • is there any retired box similar to canape?

    matikhalliqie

  • edited September 2018

    im new. I find exploits, but exploits go to a 5xxx port (couch) that is closed. I would attack it from http. Any hints or something to read by dm?

  • Can someone help me with this please ... Send me a DM .

  • I'm having a hell of a time trying to clone a repo. Is there some kinda trick to this that is different from how I would normally do this?

  • edited September 2018
    > @tt0t3s said:
    > I'm having a hell of a time trying to clone a repo. Is there some kinda trick to this that is different from how I would normally do this?

    Use https://github.com/internetwache/GitTools/tree/master/Extractor
Sign In to comment.