Dev0ops hints

Anyone want to trade hints for user or Privesc on Devoops that has Celestial? PM me

@nardin said:

@J3rryBl4nks said:
My payload seems to be malformed, can anyone PM me about the format of the payload?

There must be a father with 3 sons :wink:

What a subtle hint LOL

Nice Box - made me get familiar with something I'm not versed in - props to the creator.

Rooted!

Once you find the vulnerable service, just try to play around with the format. Craft a valid file, before even going for the exploit. If you have a working format, the server will accept it. Then you can go and play with the payload. With an arbitrary payload you should be able to obtain user.txt.

PM if more hints are needed.

Finally rooted it.

If anyone needs a hint without spoilers, just PM me.

It is a really good box.

Nice box… finally rooted it with the guidance of some hints… especially the look in the past one was really helpful to get root :slight_smile:

So I found a method to view system files like passwd but that is all I have been able to make it do. I can't get the system to do any processing of commands. Anyone have any suggestions on where to look next for RCE or shell access?

@TheBull369 said:
So I found a method to view system files like passwd but that is all I have been able to make it do. I can't get the system to do any processing of commands. Anyone have any suggestions on where to look next for RCE or shell access?

Try to read some other files.

Rooted! Hints helped. PM if you need a nudge.

OK rooted.

In order to root this box you have to roughly understand how Spoiler Removed - Arrexel.
This is very tough for me, I'm a pure infra guy :).

This machine is really awesome. Actually I was crazy for a moment but @Didakt's comment rescued me. Thanks @lokori, @Didakt

Rooted! Great Box … Learned a lot from this one… Thanks @lokori

I’ve tried modifying the payload, but seems like I’m missing something. Maybe there’s more to the eye on the u page?

I need help. I could not find anything except the ports. Any hint?
edit, was stupid enough. nvm

I need some help with user.txt. I already know the vulnerability and how to get RCE from it (similar to Aragog, since I already got the user of that). However, this application does not show the output of the LFI, which I am trying to redirect to myself at an HTTP or FTP server. However, it does not seem to work for any reason. Can someone PM me about it?

This was fun @lokori. I enjoyed this machine. Keep up the good work mate. I really liked the way you left subtle hints to not land in rabbit hole and keep progressing.
For those who are still on this machine, you need to be a spider killer, and be Marty at the same time! :smiley:

Hello guys, I have some doubts on the payload, through XML I can see some important files but I can’t launch commands (maybe for a reverse shell… I don’t know if I’m on the right track!)

Any suggestions in PM?

Well, I need some push with that XML. I am trying to upload classical XML; when I tested XML injection, I was able to delay the server response, but I am not able to get anywhere. I understand I should format it author/subject/content in some article, or feed, or something, but the only 200 response I get is when I do not upload a file with an xml ending.
Maybe I am just too tired, but a hint is very welcome :D

I rooted this thanks to @msslaughter and @SpZ. PM me if you need help

OK. I am able to send XML to the server. I am able to send a request to myself from the server. But that's all. Is there any hint where I should look to see my uploads? Or how should I proceed from here?