Bounty

1356716

Comments

  • Just got root and wondering ... is there any other way to privesc than via the famous exploit?

    m4rc1n

  • I cant manage to get a payload working! Please help a noob ):

    Mist0

  • @haggy said:

    @onlyamedic said:
    server just hangs when I try to execute a payload/payload. I know the correct path/method. Is this expected?

    I tried very complex payloads in the beginning. Those behave like you describe.

    Yea it was strange I Just finished it. funny enough I had a really old book about the language that helped me write a different payload lol

    Looking for past Hack the Box write-ups or other security stuff? Feel free to visit: https://dastinia.io <3

  • Stuck on upload. I googled everything on bypassing FU filteres. I have a very simple payload, just a print but I can bypass it. Any hints?

  • @deibit said:
    Stuck on upload. I googled everything on bypassing FU filteres. I have a very simple payload, just a print but I can bypass it. Any hints?

    same here

  • There is something strange here or it's part of challenge ?
    When I upload a file seems to be all ok (i got the message ">File uploaded successfully") but the file not exists or other times exists and after some time disappears!!

  • @thek said:
    There is something strange here or it's part of challenge ?
    When I upload a file seems to be all ok (i got the message ">File uploaded successfully") but the file not exists or other times exists and after some time disappears!!

    expected since other people can erase your upload ;)

  • edited June 2018

    @mpgn said:

    @thek said:
    There is something strange here or it's part of challenge ?
    When I upload a file seems to be all ok (i got the message ">File uploaded successfully") but the file not exists or other times exists and after some time disappears!!

    expected since other people can erase your upload ;)

    And now the upload process gives "HTTP/1.1 500 Internal Server Error" :(
    Spoiler Removed - Arrexel

  • after resets it gives out 500s..

    just close and start a new tab if it gives 500s on previous working uploads

  • got user through rce. any hint on reverse shell for getting root access?

  • @sh4nk said:
    after resets it gives out 500s..

    just close and start a new tab if it gives 500s on previous working uploads

    So, I develop a php script with curl for uploading file any time ;)

  • Something strange is happening!
    I trying many times to upload a file for over two hours....
    Always returning the message "File uploaded successfully" but the file not exists!
    Earlier this flow were working.
    This happens only to me or there is someone else who has this problem?

  • edited June 2018
    > @thek said:
    > Something strange is happening!
    > I trying many times to upload a file for over two hours....
    > Always returning the message "File uploaded successfully" but the file not exists!
    > Earlier this flow were working.
    > This happens only to me or there is someone else who has this problem?

    Yeah I'm getting same issues
  • Tried several ways of obfuscating , tried different payloads from super basic to complex... Not sure if I'm really close or wayyyyy off?
  • can someone please PM me for a string tip on how to bypass the extension check? got stuck there

  • edited June 2018

    @danymogh said:
    can someone please PM me for a string tip on how to bypass the extension check? got stuck there

    Yeah, its quite annoying - I tried null byte injection but to no avail.

  • Try few of the non-mainstream extensions for this platform. You might get one of them to work and then work from there.

  • Any hints on getting past 500 - Internal errors? Using a regular msfvenom a**x payload.

    izzie

  • @izzie said:
    Any hints on getting past 500 - Internal errors? Using a regular msfvenom a**x payload.

    May you have an error.

  • Made it finally!
    If anyone needs any help, dont hesitate to pm me!

    Mist0

  • @thek said:
    Something strange is happening!
    I trying many times to upload a file for over two hours....
    Always returning the message "File uploaded successfully" but the file not exists!
    Earlier this flow were working.
    This happens only to me or there is someone else who has this problem?

    It happens when it gets poorly overwritten by someone else...just be quick and may the force be with you :bleep_bloop:

  • @izzie said:
    Any hints on getting past 500 - Internal errors? Using a regular msfvenom a**x payload.

    same.

    Hack The Box

  • I've probably pulled out more than 50 hairs out of my beard at this point. I can't for the life of me work out what I'm supposed to do now, trying not to spoil here but I've enumerated the page and found what I need to find and I can put stuff where it needs to go but I have no idea how to get to RCE from there given what I'm guessing is a whitelist.

    I'm guessing my knowledge is lacking somewhere but I can't pinpoint what I need to go learn about in particular.. DM or a tip here would be great (without spoiling ofc)

    allahackbar

  • @allahackbar we're on the same boat

  • Follow up on that private mode tip: load the page cleanly. Don't reload or use a "result" version.

    hendrikvb

  • ah wtf, I was going about it the right way but thought it wasn't the right way because of what the server was doing (or not doing)

    allahackbar

  • the problem with 500 errors is that it is the wrong approach. it might be made work but there is another easier way using a different extension if that is not giving the rce by uploading game away. I got a shell and I am researching how to get administrator ATM.

    izzie

  • OMG the RCE part is soo anoying ...
    It's been 1 hours, i've been able to run 10 commands ...

    HomardBoy

  • i finally got a semi-working web shell but as others are saying it gets removed within < 30 seconds

    allahackbar

  • edited June 2018

    @allahackbar said:
    i finally got a semi-working web shell but as others are saying it gets removed within < 30 seconds

    This is the kind of things that is driving me nut ...
    I've install the same OS on a VM in order to prepare my commands, i have a precise idea of what to do, but i can't get a f****** stable web shell for more than 30 sec ...

    And hell no i can't afford a VIP pass only for this box :(

    HomardBoy

Sign In to comment.