Canape

Comments

  • Making some progress here, but slowly. Pretty interesting so far!

  • Nice box.

    Spent the most time on "the" 500 error, until I found out the RCE was working despite it :-)

  • I can only find service 80 and a reference to a db I can't find a connection for... What am I missing? Any help would be appreciated! :)

  • Please, someone DM me the hint for running the thing on my machine

  • edited August 2018

    Spoiler Removed - Arrexel

  • Can someone help me or give me a hint for initial step of the box? I have done some enumeration and dir busting to no avail. Any help or a link that refers to vulnerability is much appreciated. Please pm me.

  • @rocux said:
    Can someone help me or give me a hint for initial step of the box? I have done some enumeration and dir busting to no avail. Any help or a link that refers to vulnerability is much appreciated. Please pm me.

    Have a look at the source code of the web page

    jamesa

  • I think I am beginning to see the light

  • Hi all, I've been on this box for a few days now, nothing I try works... I found some hole but I don't know how to begin. Any help is much appreciated. Please PM.

  • If anyone could PM me for a nudge on where to go from www-data that would be amazing.

  • Rooted. Had the most fun on this box so far, and learned a few new things too :)

    jamesa

  • Anyone available for a PM? Been working on this for a few days now, got it running locally and see what's going on, and able to execute the vulnerability using a script that mirrors check, but unable to invoke via app...

  • Finally! User took 8 days, Homer took 2 days, and root took 15 minutes..

    This box 100% does not match the difficulty level IMHO...

    Nonetheless great fun - If anyone needs help drop me a PM.

    Mochan

    Checkout my Dropbox of Goodies >> https://www.dropbox.com/sh/ba0t59c5fnccgms/AACvUbUSflWB1_AAgj8okEUra?dl=0

    [CCNA R&S] [OSCP - In Progress] [Security+ - In Progress]

  • Anybody getting a urllib3 error while trying to escalate to root? Is there a way around it?

  • edited August 2018

    This box has been endless frustration... Able to get payload up locally but get posix error unless running dos2unix on the file, then it works using the check() function copied into a file check.py, but every time I try with /check in browser I get bad request 400... I feel like I'm close but feel like a dog chasing his tail

  • Could do with help to get a foothold on the box. Any help will be appreciated

  • edited August 2018

    If someone could drop me a DM, please take a look at my script to "check" input, I'd really appreciate it! My very similar script to submit is working great, no more pickle errors etc. when I run it with code pulled from app used to check

  • Check all versions of the code you were reviewing. Make sure they tell the same story ;)

  • Damn, it took me 1 hour to get the first shell, 3 days to find a checkbox in a f***ing web interface and 5 min to get root... shame on me :'D

  • Anyone want to shoot me a hint on how to send my initial foothold payload? Or point me to an informative reading?

  • This may help solve "500 error" on the payload https://gist.github.com/freddyb/3360650

    Hack The Box

  • @KuroSaru said:
    Check all versions of the code you were reviewing. Make sure they tell the same story ;)

    This fixed my issues locally now to tweak for htb... It pays to read things more carefully when comparing versions!

  • Anyone who can help me with my payload, please DM and I'll show you where I am having problems

  • Would really love a PM regarding how to get a user shell. I have discovered a vulnerable service running on the box, but the exploit script I found does not work. It tells me that the commands have been executed, but I'm pretty sure they have not been.

    Thanks!

  • @mxchai said:
    Would really love a PM regarding how to get a user shell. I have discovered a vulnerable service running on the box, but the exploit script I found does not work. It tells me that the commands have been executed, but I'm pretty sure they have not been.

    Thanks!

    PM me if you need help

  • Could someone give a hint about how to bypass the character when making a shellcode? I'm sure the shellcode works fine locally without the character

  • @Erbooo treat them as one. You can't just bypass it.

  • Got to say good box, user was the hardest, and I liked IT. Root was not hard, but I truly like the way it was done. Great job @overcast.

  • edited August 2018

    I can get a reverse shell locally. But with the same payload I am getting a 500 error on the canape server. Can someone give me a hint??

  • Trying to get user. One way I'm trying is using the DB; yes, I have got the DB permission, and I'm trying to use some exp scripts to get the user permission. However, I'm stuck at this process. I just want to know, am I right? Took me a week...
