Canape


Comments

  • edited June 2018

    Any tips on the initial foothold? I've been studying both the DB found and how to "link" it somehow to the repository, still no clue at all. I've never had to deal with these. Damn, I don't even know that's the way.

  • Anyone free for me to quiz about exploiting this?

  • edited June 2018

    got user.txt, stuck on privesc, can anyone give a hint in PM?

    UKINT

  • @nscur0 said:
    To everyone stuck at their pickled payload not working when submitted to the site: try using a popular http library for the submission of your pickled code. Copy & pasting the payload from the terminal + bad url encoding fucks up the payload, with the mentioned library it worked flawlessly.

    Dear baby Jesus this was the best advice in this thread (related to pickle anyways). Thanks nscur0.
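The posts above concern a site that unpickles submitted data. The defensive counterpart, as an added example (not from this thread or the box's author), is an unpickler that refuses every global lookup so only plain data types load. `DataOnlyUnpickler`, `safe_loads`, `CallsOnLoad` and the sample values are hypothetical names constructed for illustration.

```python
import io
import pickle


class DataOnlyUnpickler(pickle.Unpickler):
    """Hypothetical helper: loads dicts, lists, strings, numbers; refuses all globals."""

    def find_class(self, module, name):
        # Every class or callable referenced by a pickle stream is resolved here,
        # so raising unconditionally blocks object construction and function calls.
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def safe_loads(blob: bytes):
    return DataOnlyUnpickler(io.BytesIO(blob)).load()


class CallsOnLoad:
    """Constructed sample: unpickling this object calls a function (harmless len)."""

    def __reduce__(self):
        return (len, ("constructed",))


def demo():
    plain = pickle.dumps({"name": "constructed", "ids": [1, 2, 3]})
    callable_ref = pickle.dumps(CallsOnLoad())
    results = {"plain": safe_loads(plain)}
    # Stock pickle.loads runs the referenced callable while loading.
    results["unrestricted"] = pickle.loads(callable_ref)
    try:
        safe_loads(callable_ref)
        results["restricted"] = "loaded"
    except pickle.UnpicklingError as exc:
        results["restricted"] = str(exc)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

For data that crosses a trust boundary, a format with no code-loading semantics such as JSON avoids the problem entirely.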

  • Hello folks! Can someone DM me for a nudge on the user.txt? I got some foothold, found a hash and gained admin access to couchdb. Would also appreciate exchanging ideas as well :D .

  • The best machine so far. Learned a lot, thx @overcast

  • Got user.txt, can anyone PM me for privesc to root please?

  • > @Neol said:
    > Got user.txt, can anyone PM me for privesc to root please?

    You should try on your own first :)

    drtychai

  • @drtychai said:
    > @Neol said:
    > Got user.txt, can anyone PM me for privesc to root please?

    You should try on your own first :)

    I tried it for hours... I don't want to make spoilers so I prefer via PM.

  • Hey, can anyone help me with the initial foothold? I've been able to get a low privileged shell as www-data user but can't seem to find a way to do privilege escalation as Homer user. Any nudges in the right direction would be appreciated!

  • Can someone PM me, I have a doubt about the pickle but I don't want to give any spoiler here


  • I'm struggling with the initial foothold... I found the DB and "hidden link" but cannot seem to get anywhere from there. I have a sense that I am missing something from enumeration. What else am I missing here?

  • I'm getting this error:
    ValueError: insecure string pickle
    any help?

  • just finished canape
    pure love for this box, feel free to pm for a nudge

  • Can anyone give me a hint on how to get user?
    I have a shell on www-data, found a hash and got admin access to the couchdb but stuck at how to priv esc to the user.


  • @xtech

    Start from the basics, like making it show the sys version, and build your command from there. Research the module more, you have that error cos the string does not end with a newline.

  • owned, thanks to @R4yquazID for the help, I'm now also available for any hints ;)

    Manaratz

  • I am logged in as user, any hints on a stable shell?

  • @it4chi said:
    I am logged in as user, any hints on a stable shell?

    python -c 'import pty;pty.spawn("/bin/bash")'

  • edited June 2018

    That is not what I meant, idk how to explain it here without spoiling it.
    Nvm got it, should have scanned all the ports in the beginning.

  • YESS YESS YESS I can feel the pain of everyone here. finally rooted!!

  • Kudos to @overcast for such a delightful machine. Rooted and learned a lot of stuff.

  • I got the initial foothold as www-data... found an interesting file with what seems to be username and hash but I do not know what to do with it now.. I have run it thru hashcat and no joy. Someone please help me!!

    H4ck3d5p4c3

  • @H4ck3d5p4c3 said:
    I got the initial foothold as www-data... found an interesting file with what seems to be username and hash but I do not know what to do with it now.. I have run it thru hashcat and no joy. Someone please help me!!

    Also stuck in the hash, looks like a rabbit hole

    Any hint to escalate from www to user?

  • I've done the reverse using nc ipaddr port but the connection dies instantly. Any other type of reverse doesn't work.
    Any hint?

  • I had fun on this one! Was so happy when I saw what I was given for root esc. Unpriv to user took a bit, but once I became familiar with the tech and stopped overthinking, it was easy.

    @seiyathesinx said:

    @H4ck3d5p4c3 said:
    I got the initial foothold as www-data... found an interesting file with what seems to be username and hash but I do not know what to do with it now.. I have run it thru hashcat and no joy. Someone please help me!!

    Also stuck in the hash, looks like a rabbit hole

    Any hint to escalate from www to user?

    As said before, look at what is going on and what you now have access to.

    koredump
    If you PM, please include the steps you've already taken. Don't forget to hit the respect button!

  • priv esc to root is damn bugged, I get it with a very dirty try ;D

  • edited June 2018

    Well, I've got my low priv shell and the DB admin account, but I can't manage to escalate to the user ... I've tried RCE on the DB with a well known CVE, but it looks like a rabbit hole ... Can I get a hint where to look now, I'm a little bit lost!
    Edit: I got it ;)

    HomardBoy

  • Got root. Very very interesting machine and very interesting technologies involved. PM if you need help.

  • hi guys, I managed to get low privilege shell, now I'm trying to get user... I got the db admin account but can't manage to make RCE work with the well known CVE HomardBoy mentioned. I'm a bit lost because I don't see any other interesting process or things to do with the db...
    Can I get a hint?
