Bounty

@izzie said:
Any hints on getting past 500 - Internal errors? Using a regular msfvenom a**x payload.

same.

I’ve probably pulled out more than 50 hairs out of my beard at this point. I can’t for the life of me work out what I’m supposed to do now, trying not to spoil here but I’ve enumerated the page and found what I need to find and I can put stuff where it needs to go but I have no idea how to get to RCE from there given what I’m guessing is a whitelist.

I’m guessing my knowledge is lacking somewhere but I can’t pinpoint what I need to go learn about in particular… DM or a tip here would be great (without spoiling ofc)

@allahackbar we’re on the same boat

Follow up on that private mode tip: load the page cleanly. Don’t reload or use a “result” version.

ah wtf, I was going about it the right way but thought it wasn’t the right way because of what the server was doing (or not doing)

the problem with 500 errors is that it is the wrong approach. it might be made work but there is another easier way using a different extension if that is not giving the rce by uploading game away. I got a shell and I am researching how to get administrator ATM.

■■■ the RCE part is soo anoying …
It’s been 1 hours, i’ve been able to run 10 commands …

i finally got a semi-working web shell but as others are saying it gets removed within < 30 seconds

@allahackbar said:
i finally got a semi-working web shell but as others are saying it gets removed within < 30 seconds

This is the kind of things that is driving me nut …
I’ve install the same OS on a VM in order to prepare my commands, i have a precise idea of what to do, but i can’t get a f****** stable web shell for more than 30 sec …

And ■■■■ no i can’t afford a VIP pass only for this box :frowning:

Reread all previous comments if your shell fails after a few seconds…

any hint for priv esc?

I dunno if I’m going about it the right way but I’m trying to do something through my web shell as part of the way to get initial foothold but the server just hangs when I try to do what I’m trying to do :frowning:

I can’t think of any other way to gain a foothold

@HomardBoy said:
i can’t get a f****** stable web shell for more than 30 sec …

You don’t need more than 30 second. You know the file will be quickly deleted, so don’t focus only on a webshell

I have RCE but I can’t get how to get a shell. I really need a hint, this first contact sucks hard

@seiyathesinx said:
I have RCE but I can’t get how to get a shell. I really need a hint, this first contact sucks hard

If you have RCE, think of ways you can transfer files.

Anyone able to help out, i’ve found the appropriate pages, I can upload some things, but nothing that gives either RCE or a shell. I’ve tried various formats, and bypassed the filter, but get either 404 or 500 errors, and it’s not obvious if there’s any pattern to that. Any pointers to either the format or type of payload would be helpful. just need a nudge needed, i’m happy to work on the rest

User took me 2 days… with a nudge to get me over the line. Root took < 5 minutes lol.

I got thrown off big time because yesterday something I was trying to do kept crashing the server so I reasoned that I was doing was completely wrong. Then I went down a massive rabbit hole until I got that nudge which clarified that the server was not supposed to be crashing when I was doing what I was trying to do.

Thank you to the designer of this machine for the chance to get to know offer one of the basic tools in Kali. To this day I did not know what she offers.
Thanks / Dziękuje

Can I shoot someone a DM and run through my current train of thought? I’m afraid I might be stuck down a rabbit hole

^