Stratosphere

I am stuck at getting an initial foothold. I found some .actions but can’t find any RCE.
Can someone give some hint or some reference to look at? Also, I googled a bit but no luck!!

You need to identify the service calling the action and look for a well known exploit in that service.

I have a question about countermeasures to avoid the last trick with python. PM.

I found a webapp with actions. I think I also know the vulnerability that needs to be exploited but all my attempts failed. Can anyone PM me? I’d like to know whether I’m running into the wrong direction.

Have RCE and gotten to the last challenge, unable to get success. Can someone PM

Okay nvm got it, just pay attention to little details and ask why.

@linted thanks for the box. The privesc part was great. I was astonished that it worked :)

Hi guys, I was user r****** but I can’t be root. Please PM for any hint.

Hey guys, so I think I’ve worked out what I need to do after RCE but I’m not 100% sure. Would someone be able to PM me and let me know if I’m on the right track?

Ah I am on the right track but server keeps playing up and timing out even though I’m doing the exact same things

Root was much easier than I expected, but not sure why the connections to this box were so unstable.

Box is very unstable. I’ve got user now and have done 3 parts of the python thing, but no matter what I’ve done I can’t get the last one. Used both the tool that goes meow and online resources, any hints lol?

I don’t think the 3 parts are needed, at least I did not do them. You can check other methods.

well I finally did the fourth part with my old friend johnny, but totally stuck on this last bit of priv esc… I feel really dumb seeing as a lot of people are saying it was super easy… anyone want to pm me with a nudge lol, would be much appreciated

Accidentally made a post instead of sending a message. Just ignore this post pls.

rooted, finally :)

really clever, hats off to the creator!

Achieved RCE, enumerated everything I can think of, found some creds as service-user,
but can’t find where to use them.
Could someone PM me please?

I have RCE, but I seem to be missing something. I have creds, but they aren’t working. Anyone who I can PM about this?

Rooted after a kind soul helped me out of a very deep rabbit hole. Somebody in this discussion thread said something like: “You need only basic scripting skills for priv esc” and this is really true. With hindsight it was “easy” - you say to yourself (if you have ever written any script in that language that was more advanced than Hello World) “I should have known that”.

Not that it was not super interesting to learn in detail about the *** debugger and how it cannot deal with different threads - but it was not really required…

@kekra said:
Rooted after a kind soul helped me out of a very deep rabbit hole. Somebody in this discussion thread said something like: “You need only basic scripting skills for priv esc” and this is really true. With hindsight it was “easy” - you say to yourself (if you have ever written any script in that language that was more advanced than Hello World) “I should have known that”.

Not that it was not super interesting to learn in detail about the *** debugger and how it cannot deal with different threads - but it was not really required…

just fyi you don’t even need to know how to know scripting for priv esc, just a firm grasp on googling skills