@Cryovenom said:
This box is kicking my ■■■. I found a directory where I’m assuming I should be able to place a file to give me a reverse shell, but I can’t seem to figure out how to upload a file at all. I’ve thrown every enumeration tool I’ve got at this thing and come up empty-handed. I thought I found an RCE vuln but it seems that all I can do with it is DoS, which isn’t helpful. I’ve spent way too much time googling things related to the name of the box, the architecture of the web server, and the picture on the one static index page…
Can someone give me a hint on getting an initial foothold?
If you haven’t found a place to upload, maybe you should focus your enumeration on the server technology. You don’t need a huge wordlist, just play with parameters. Think about the kind of pages that you may find.
@NinjaRockstar @natalioruiz If you google for exploits by uploading [thing you already know] you find an article with a small PoC - you can use this to check if code is executed. Replace the PoC code lines with a command for executing system commands in that language and parse the multi-line output.
Stuck on this box. Enumerated and found a way to upload files, know where the files are uploaded, bypassed file upload protection, and know that I can run code in a certain language, but any useful code in that language, such as running a system command, results in a 500, apparently because the box’s designer intentionally made it so that specific libraries needed to run commands etc. would not function. No matter how simple the payload, it just doesn’t work. Have yet to find a way past this problem.
SOOO… no ■■■■… there I was. Able to upload to the server but unable to execute or find the right payload (can’t figure out which is the problem). Messed around with file name manipulation while uploading with Burp to no avail. Can anyone give me a bit of a nudge on how to get any presence on this box? PM if possible.
I’m probably missing something stupid. I can run almost any command I want on the machine using an uploaded web command shell, except for getting a reverse shell, which results in a 500 error. Any hints on where I should look next? Thanks
@Thun said:
I don’t get it. Everyone gets root so easily yet here I am… trying every privesc exploit from x86 and x64 suggesters and still staying as a user…
Struggling to figure out what to upload. Tried all of the things I can think of and still getting Invalid File. Any hints for how I can figure this out or do I just need to iterate through even more?
Can someone please let me know what kind of payload to use? I know what file I need to upload but I keep getting a 500 error whenever I try to access it after doing the upload.
What wordlist are u guys normally using to find the directories? I’ve been enumerating this box for a whole day and found a couple of 301 directories, and when I tried to access them all are 403 forbidden, and an aspnet_client directory. Can’t rather find the directory to upload, as there were people mentioning in this thread that there is a directory where we can upload for RCE. A nudge in the correct path would be gud.
I also exif the image where 2 similar images were in it.
@strolling33 said:
What wordlist are u guys normally using to find the directories? I’ve been enumerating this box for a whole day and found a couple of 301 directories, and when I tried to access them all are 403 forbidden, and an aspnet_client directory. Can’t rather find the directory to upload, as there were people mentioning in this thread that there is a directory where we can upload for RCE. A nudge in the correct path would be gud.
I also exif the image where 2 similar images were in it.
Are you searching for files as well as directories? Think about what file extensions you are searching for. What type of web server is it, and what framework is running on it? What type of files may you find used by that framework?