Stratosphere

Hey guys so I think I’ve worked out what I need to do after RCE but I’m not 100% sure, would someone be able to PM me and let me know if I’m one the right track?

Ah I am on the right track but server keeps playing up and timing out even though I’m doing the exact same things

root was much easier than i expected, but not sure why the connections to this box was so unstable.

box is very unstable, i’ve got user now and have done 3 parts of the python thing, but no matter what ive done i cant get the last one, used both the tool that goes meow and online resources, any hints lol?

I dont think the 3 parts are needed, atleast i did not do them. You can check other methods

well I finally did the fourth part with my old friend johnny, but totally stuck on this last bit of priv esc… I feel really dumb seeing as a lot of people are saying it was super easy… anyone want to pm me with a nudge lol, would be much appreciated

accidentally made post instead of sending message. just ignore this post pls

rooted, finally :slight_smile:

really clever, hats off to the creator!

Achieved RCE, enumerated everything i can think of, found some creds as service-user,
but cant find where to use them
could someone pm me please?

I have RCE, but I seem to be missing something. I have creds, but they aren’t working. Anyone who I can PM about this?

Rooted after a kind soul helped me out of a very deep rabbit hole. Somebody in this discussion thread said something like: “You need only basic scripting skills for priv esc” and this is really true. With hindsight it was “easy” - you say to yourself (if you have ever written any script in that language that was more advanced than Hello World) “I should have known that”.

Not that it was not super interesting to learn in detail about the *** debugger and how it cannot deal with different threads - but it was not really required…

@kekra said:
Rooted after a kind soul helped me out of a very deep rabbit hole. Somebody in this discussion thread said something like: “You need only basic scripting skills for priv esc” and this is really true. With hindsight it was “easy” - you say to yourself (if you have ever written any script in that language that was more advanced than Hello World) “I should have known that”.

Not that it was not super interesting to learn in detail about the *** debugger and how it cannot deal with different threads - but it was not really required…

just fyi you don’t even need to know how to know scripting for priv esc, just a firm grasp on googling skills

any little hint for privesc?

Rooted. This box was pretty neat. :slight_smile:

I found a webapp with actions. I think i also know the vulnerability hat needs to be exploited but all my attempts failed. Can anyone PM me? I’d like to know whether I’m running into the wrong direction.

Can someone help me out on how to pass that password to the service? It keeps giving me event not found error when I try to use it with the RCE. I tried all kinds of different quotes variations but still get the same error…

This box is all about public exploit and vulnerability. You can easily solve this box if you have a good enum. PM me if you need more hints.

What do people mean when they refer to actions?

A pm would be appreciated?

I’m go to last step but got something like this:
sh: 1: ***.py: Permission denied

anyone pls nudge me :cry:

Just rooted it. :smile: