Bounty

Was the crappy shell. Got meterpreter, pwned soon.

Can’t find user.txt anywhere, any hints?
Edit: nvm :slight_smile: I forgot how to use dir

Hi, I’m still quite new to the web applications side of things. I managed to find something that I know will be used. But for that I would need to do some action before. Can anyone give me a hint or point me to a resource so that I can learn about it? If you prefer you can DM me.

Can’t get my rev_tcp to connect back. Built it with file format and arch in mind and can upload it, but nothing comes back when I visit it, and there are no events in Wireshark for some reason. Anyone able to tell me what I’m doing wrong with it or just plainly say I’m going the wrong route :slight_smile:

Could someone help? I ran dirb and found a directory but nothing else. I enumerated something about asp.net but I don’t know what to do.

Anyone have a pointer for the shell portion? I believe I know the file I need to upload to do RCE, and have tested this by executing a ping to myself; I see the results in tcpdump. I have not been able to figure out how to get the RCE to display anything back to me or to execute webshells (I always get a 500 error). If you have any pointers let me know, I feel like I am close and must just be overlooking something simple.

Hint about uploading the file. I used null injection, bypass using double extension and invalid extension bypass with no success. In addition, I tested with all the extensions I know in order to define the whitelisted/blacklisted extensions.

There is an article on how you can execute commands after some generation of IIS. But I couldn’t copy and use this code. After rewrite starter works.

@Maniek said:
There is an article on how you can execute commands after some generation of IIS. But I couldn’t copy and use this code. After rewrite starter works.

Would you mind sending me (PM) the link to this article?

Thanks

Got root, PM me for any hint :wink:

Hahahahah, I don’t know how HTB accepted this box,
this box is less than script kiddie level :D.
However, thanks to the creator.

I am doing foothold step. This is super easy if you did Aragog machine :smiley:
Oops. Wrong box!

Interesting and fun box - and humbling … theoretically I should have known about the initial foothold as I have worked with that platform / service for a long time. But it seems I had to test every non-applicable exploit and misconfiguration until I googled the correct one.

My hint, with hindsight: If you find some non-working exploits / interesting articles that sound as if they should apply here but aren’t - take a look at the names of the guru researchers whose names come up again and again - the guys who found several exploits. Check what else they have written …

Having issues with how to make use of the RCE. I can see the ping when I execute, but haven’t been able to make any use of it, partly because I can’t get any output working in my code so I can see what’s what. Anyone able to drop me a message or a push?

@J3rryBl4nks said:
Is anyone able to get a stable shell? Mine keeps getting a 500 after 2 requests.

It’s because there are too many people overwriting your file. You just need to use your initial shell to create another one that is a bit more stable. Think about things you can upload, perhaps things that are available in Linux by default that you usually use.

Someone able to send me a DM with a small hint on how to get the initial shell?
I think I have RCE, managed to find an example showing that I have RCE, but every further step throws an error 500 :frowning:

Please help, I’ve found some directories but no file so far, always having a 403 forbidden error, what’s next?

got root :slight_smile: dug a bit further based on some pointers…

Finally I got a limited webshell. Anyway, I have a problem establishing a real reverse shell connection. I tested all I know. Please, I would really appreciate a hint via PM.

@cvrloz said:
Please help, I’ve found some directories but no file so far, always having a 403 forbidden error, what’s next?

Any hints on uploading the file?