Dev0ops hints

XML file format is super easy. I suggest you guys play Aragog first. At least you will see basic easy XML file after some short steps. Now i am in the box and doing PE part

Very nice box, pretty straightforward. Thanks!

I can upload a good file and everything but im struggling to get one with the payloads ive seen online . if anyone has any tips or advice???

@K1K1 said:
I can upload a good file and everything but im struggling to get one with the payloads ive seen online . if anyone has any tips or advice???

use the same format that they need from you
“a father with 3 sons”

Got user after < 5 minutes and stuck at get root whole day :frowning: Can anyone help me please. I saw some interesting things but i couldn’t go further

finally got it. much simpler than what i was trying, but thats usually how it goes

Grr… i am down with the try harder thang… but when you hit a wall you hit a wall. Anyone willing to dm me. I have made some progress on initial shell but I just can’t get the payload right.

Spent four days figuring out the initial exploit/formatting. Two days on shell access and one day on root. The hints on this forum were critical to my success and I learned a ton along the way. Thanks @lokori for an awesome box!

Anyone want to trade hints for user or Privesc on Devoops that has Celestial? PM me

@nardin said:

@J3rryBl4nks said:
My payload seems to be malformed, can anyone PM me about the format of the payload?

There must be a father with 3 sons :wink:

What a subtle hint LOL

Nice Box - made me get familiar with something im not versed it - props to the creator.

Rooted!

Once you find the vulnerable service, just try to play around with the format. Craft a valid file, before even going for the exploit. If you have a working format, the server will accept it. Then you can go and play with the payload. With an arbitrary payload you should be able to obtain user.txt.

PM if more hints are needed.

Finally rooted it.

If anyone need hint without spoiler, just PM me.

It is a really good box.

Nice box… finally rooted it with the guidance of some hints… especially the look in the past one was really helpfull to get root :slight_smile:

So I found a method to view system files like passwd but that is all I have been able to make it do. I cant get the system to do any processing of commands. Anyone have a suggestions on where to look next for RCE or shell access?

@TheBull369 said:
So I found a method to view system files like passwd but that is all I have been able to make it do. I cant get the system to do any processing of commands. Anyone have a suggestions on where to look next for RCE or shell access?

try to read some other files

Rooted! Hints helped. PM if you need a nudge.

OK rooted.

in order to root this box you have to roughly understand how Spoiler Removed - Arrexel.
This very tough for me, i’m pure infra guy :).

This machine is really awesome. Actually I was crazy for a moment but @Didakt comment rescue me. Thanks @lokori ,@Didakt

Rooted! Great Box … Learned a lot from this one… Thanks @lokori