Bounty

Could anyone nudge me in the right direction for priv esc. Have a couple ideas but shaky on the execution part…

Hello everyone, I found some pages about uploaded stuff… but I have no clue how to use that. Could anyone give me a little push in the right direction?

I’m able to upload, and I know where they are going to. Having issues with payload. Can someone pm me so I can just check I’m not barking up the wrong tree

@AgentTiro said:
I’m able to upload, and I know where they are going to. Having issues with payload. Can someone pm me so I can just check I’m not barking up the wrong tree

seconded, same here

@digitalp2k said:

@AgentTiro said:
I’m able to upload, and I know where they are going to. Having issues with payload. Can someone pm me so I can just check I’m not barking up the wrong tree

seconded, same here

third that, tried a lot of formats with msfvenom but no luck

PM me for hints on payload for initial foothold.

Got root finally. That was a doozy and a fun one, especially after getting past the unstableyness. Shout out to @mrb3n for the good stuff :slight_smile:
Best tip for this box: mind the architecture.

@valkyrix said:

@digitalp2k said:

@AgentTiro said:
I’m able to upload, and I know where they are going to. Having issues with payload. Can someone pm me so I can just check I’m not barking up the wrong tree

seconded, same here

third that, tried a lot of formats with msfvenom but no luck

And… me too… I have tried many options like shell, reverse, web and exif in many formats: asp, aspx, php. Thus, I think my way to upload is not correct. I would appreciate help to learn something new.

Rooted the SYSTEM… PM for help!!!

@bonjourpancake said:
Could anyone nudge me in the right direction for priv esc. Have a couple ideas but shaky on the execution part…

so uh I had it right the first time but I just had to reset the box… rip :frowning:

Got root! Available for PM.
Small advice: prepare everything in advance so you’re not disturbed by other people trying the same thing :slight_smile:

@darkz3ro said:
Easy box but unstable. I don’t know if someone is deleting files, but I can’t have more than 1 minute with a shell, then I need to reset the machine.

How are you able to access your webshell? Whenever I go to the Spoiler Removed - Arrexel it just gives me a 403. And of course a direct answer to this would be a spoiler but could you nudge me in the right direction. I have exhausted my word-lists for dir busting.

Spoiler Removed - Arrexel

@mpgn said:

@sahil said:
Spoiler Removed - Arrexel

Spoiler Removed - Arrexel

IT WORKED!!! Thank you so much!

I keep getting endless 500 errors, the effing eff.

@digitalp2k said:
I keep getting endless 500 errors, the effing eff.

Then your payload is wrong. Try to be simple.

@mpgn said:

@digitalp2k said:
I keep getting endless 500 errors, the effing eff.

Then your payload is wrong. Try to be simple.

Even simple cmds are coming back as 500. I get 3 from the Googled script, but when I try and run any other commands, nothing.

I have the initial scan but think I’m down a rabbit hole chasing OPTIONS?? Dir buster brings me to a directory with no access??

server just hangs when I try to execute a payload/payload. I know the correct path/method. Is this expected?

@onlyamedic said:
server just hangs when I try to execute a payload/payload. I know the correct path/method. Is this expected?

I tried very complex payloads in the beginning. Those behave like you describe.