Bounty

Comments

  • Stuck on upload for days now. Tried various extensions bypass. Tried generating various types of payloads, php, asp, aspx. etc. All without success. PM please.

    jadepycl

  • @jadepyc said:
    Stuck on upload for days now. Tried various extensions bypass. Tried generating various types of payloads, php, asp, aspx. etc. All without success. PM please.

    Same here, for any file extension that would allow me to run code I just get a 404. Can I PM somebody for any hint?

    Hack The Box

  • PM me if need help on payload

    muzzzzzy

  • I am trying to get a shell on this box, but I have issues. I found an exploit that could potentially execute shellcode for me, but it requires FTP to be open. The problem is that zenmap says that this port is closed, and if I try to connect "manually" I get a connection timeout. Also I tried to reset the box and try again, but I got the same result. Am I on the right track, or am I banging my head against the wall?

    Revolution

  • If uploading payloads directly doesn't work, then maybe you should look into other avenues, like a file type that will give you code execution.

    Everything doesn't have to be as easy and straightforward as directly uploading a payload and popping shells.

    There is a Certain Utility that makes the most of living off the land when all you have is code execution.

  • Finally figured out the upload method. Thanks to the hints about extensions. I gritted my teeth and did a brute force to find all valid extensions. Working on payload now.

    jadepycl

  • edited July 2018

    Finally rooted. Learned a lot of new things.

  • Finally rooted. Learnt patience and perseverance mostly :)

    Parttimesecguy

  • I really have issues to establish a reverse shell.
    I tried so many ways but it doesn't work. I tried with wee**** but the connection crashes all the time.
    Could someone give me a hint?

    Fluxx79

  • @Fluxx79 said:
    I really have issues to establish a reverse shell.
    I tried so many ways but it doesn't work. I tried with wee**** but the connection crashes all the time.
    Could someone give me a hint?

    Powershell.

    Mochan

    Checkout my Dropbox of Goodies >> https://www.dropbox.com/sh/ba0t59c5fnccgms/AACvUbUSflWB1_AAgj8okEUra?dl=0

    [CCNA R&S] [OSCP - In Progress] [Security+ - In Progress]

  • @mochan said:

    @Fluxx79 said:
    I really have issues to establish a reverse shell.
    I tried so many ways but it doesn't work. I tried with wee**** but the connection crashes all the time.
    Could someone give me a hint?

    Powershell.

    Thx mochan
    But I just don't get it.
    I figured out what file extensions are allowed; when I try to get a connection to the shell, I fail. I tested with other files, they work like a charm, but the shell fails.
    Can you give me another hint?

    Fluxx79

  • Would someone be able to ping me a dm, I have questions on the initial foothold. I've worked through a lot of venom payloads and several techniques to bypass the file type filters. I just need a little nudge in the right direction.

    ipbsec

  • Instead of focusing on getting a shell, how about looking to see if you can get RCE.

  • Aaah, I think I'm on to something. Thanks.

    ipbsec

  • Wow... it's easy to overthink this one. Different extensions may not just function as 'standard' ones might.

    da1y

    OSCP | eCPPTv2 | eJPT

    I rarely check private messages, if you do ask for help, show your workings. I don't reply to wall posts.

  • Can anyone PM me? I need help. I am stuck on priv escalation...

  • edited July 2018

    Spoiler Removed - Arrexel

    This simply means that there is some sort of file upload functionality in this machine which might get me to shell. But I can't figure out the resource where I can go and try to exploit this issue.

    I know I can enumerate this machine once more, but this machine resets so quickly that my scan results return nothing. So, instead of going through the whole process, I have decided to drop a comment here. If I can get a hint on how to proceed further I may be able to do it quicker.

  • edited July 2018

    Hi people! Can someone send me a PM about download/exec through webshell? Got webshell, users.txt, but keep crashing while trying one-liners download exec. Thanks in advance! (Got the list of allowed extensions too, maybe I overthink...)

    CrazyFragzzz

  • edited August 2018

    Any hints on the file ext? I found a bunch that work, but nothing that I can use.

    Edit: Nevermind, got it! Time for what seems to be a frustrating user flag. Oh boy.

  • edited August 2018

    I got a stable meterpreter shell for user, but can not find user.txt file anywhere. Even tried to search with dir /s user.txt, but File Not Found.

    Edit: Spoiler Removed - Arrexel

  • Finally got root after more than 3 weeks. Lesson learned from this box: Powershell reverse shell is not the same as meterpreter reverse shell O_ô

    OSCP


    0x23b

  • edited August 2018

    anyone working bounty that could pm me? got some rce on file upload but stuck on next steps. I have played with arch but can't get anything but 500.

    Arrexel

  • How is everyone finding where the file is uploaded? Is anyone willing to PM me with a nudge in the right direction? Please. I can't figure out where my uploads are going. THX

  • Got RCE, having trouble moving files over to the Windows machine.

    Anyone to PM?

    War4uthor

  • edited August 2018

    I know which file extension is able to bypass the check and I have basic rce but I have no idea how to execute system commands. I always get a "500 - Internal server error". Can someone pm me?

    cortex42

  • Edit: I still can't verify rce, I can verify an image file upload. But none of the pOc's I've tried have worked for rce. I'm trying more than one method, but neither works. I either get the 500 error when trying the we*****ig or cannot be displayed with the other method.
    Is anyone here willing to give a little help via PM? I'm really stuck here, I'm to the point I'm not making any progress.

  • OK, am lost here... been banging away at this box for way too long. I know where to upload. I have tried various webshells and RCEs but nothing. Every time I browse to upload directory, it's either a 500 or 404.. really need a clue

  • @aelric said:
    OK, am lost here... been banging away at this box for way too long. I know where to upload. I have tried various webshells and RCEs but nothing. Every time I browse to upload directory, it's either a 500 or 404.. really need a clue

    Same here. I've tried every combination of public pOc, and have added numerous variants of code myself. And all I get is the 500 error code at first, then after 30 seconds get the 400.
    I've gone over the pOc line by line, and changed little things while trying each time with the same outcome (500 error). I've used pOc from payloadallthethings, and tried it with so many different alternatives that I've lost count. I can't understand how so many people got rce so easily, while I can't even get the slightest sign of rce.
    Anyone willing to help at all? Please PM!!

  • So I got RCE.. all I can do is get it to ping me though. Any kind of output results in a 500 error.. can anyone help? PM me if you need help getting to where I am... which is slightly short of getting user (and maybe we can help each other!)

    Hack The Box

  • If you think you have RCE, how about pinging yourself and watching for the traffic with wireshark?