Once you find the vulnerable service, just try to play around with the format. Craft a valid file, before even going for the exploit. If you have a working format, the server will accept it. Then you can go and play with the payload. With an arbitrary payload you should be able to obtain user.txt.
So I found a method to view system files like passwd but that is all I have been able to make it do. I cant get the system to do any processing of commands. Anyone have a suggestions on where to look next for RCE or shell access?
@TheBull369 said:
So I found a method to view system files like passwd but that is all I have been able to make it do. I cant get the system to do any processing of commands. Anyone have a suggestions on where to look next for RCE or shell access?
I need some help with user.txt, I already know the vulnerability and how to get RCE from it (Similar to aragog since I already got the user of that). However, this application does not show the output of the LFI, which I am trying to redirect to myself at a http or ftp server. However, does not seem to work by any reasons. Can someone PM about it.
This was fun @lokori. I enjoyed this machine. Keep up the good work mate. I really liked the way you left subtle hints to not land in rabbit hole and keep progressing.
For those who are still on this machine, you need to be a spider killer, and be Marty at the same time!
Hello guys, I have some doubts on the payload, through XML I can see some important files but I can’t launch commands (maybe for a reverse shell… I don’t know if I’m on the right track!)
Well, I need some push with that xml. I am trying to upload classical XML, when I tested XML injection, I was able to delay server response, but I am not able to get anywhere. I udnerstand I should format it author/subject/content in some article, or feed, or something, but only 200 response I get is when I do not upload file with xml ending.
Maybe I am just too tired, but hint is very welcome:D
OK. I am able to send XML to server. I am able to send request to myself from server. But thats all. Is there any hint where should I look to see my uploads? Or how should I proceed from here?
@karelchajim said:
OK. I am able to send XML to server. I am able to send request to myself from server. But thats all. Is there any hint where should I look to see my uploads? Or how should I proceed from here?
see you nmap scan again… think how can u use those port with xml