Bounty

1235716

Comments

  • Finally I got a limited webshell. Anyway I have a problem for establishing a real reverse shell connection. I tested all I know. Please I really appreciate a hint via PM.

  • @cvrloz said:
    Please help, I've found some directories but no file so far, always havin 403 forbidden error, whats next?

    any hints uploading the file?

    "I have no special talents. I am only passionately curious"
    Besides hacking let's be friends | https://t.me/Oxt0x
    t00x](https://www.hackthebox.eu/home/users/profile/33640)

  • Hi, Have found the page and corresponding directory . Have established what can be uploaded but am having trouble getting that uploaded file to work how I want it to. Have tried all the methods I know about by using burp. A small nudge would be appreciated.

    Thanks

  • This box is kicking my ass. I found a directory where I'm assuming I should be able to place a file to give me a reverse shell, but I can't seem to figure out how to upload a file at all. I've thrown every enumeration tool I've got at this thing and come up empty handed. I thought I found an rce vuln but it seems that all I can do with it is DoS, which isn't helpful. I've spent way too much time googling things related to the name of the box, the architecture of the web server, and the picture on the one static index page...

    Can someone give me a hint on getting an initial foothold?

  • @Cryovenom said:
    This box is kicking my ass. I found a directory where I'm assuming I should be able to place a file to give me a reverse shell, but I can't seem to figure out how to upload a file at all. I've thrown every enumeration tool I've got at this thing and come up empty handed. I thought I found an rce vuln but it seems that all I can do with it is DoS, which isn't helpful. I've spent way too much time googling things related to the name of the box, the architecture of the web server, and the picture on the one static index page...

    Can someone give me a hint on getting an initial foothold?

    If you haven't found a place to upload, maybe you should focus your enumeration on the server technology. You don't need a huge wordlist, just play with parameters. Think about the kind of pages that you may find.

  • I know what to upload and where, but still not working... If anyone is willing to help me see what I'm missing a PM would be great. :)

  • @NinjaRockstar said:
    I know what to upload and where, but still not working... If anyone is willing to help me see what I'm missing a PM would be great. :)

    Same here, any kind of hint on the payload would be greatly appreciated.

  • @NinjaRockstar @natalioruiz If you google for exploits by uploading [thing you already know] you find an article with a small PoC - you can use this to check if code is executed. Replace the PoC code lines by a command for executing system commands in that language and parse the multi-line output.

  • Stuck on this box. Enumerated and found a way to upload files, know where the files are uploaded, bypassed file upload protection, and know that I can run code in a certain language, but any useful code in that language, such as running a system command, results in a 500, apparently because the box's designer intentionally made it so that specific libraries needed to run commands etc. would not function. No matter how simple the payload, it just doesn't work. Have yet to find a way past this problem.

  • SOOO... no crap.. there I was. Able to upload to the server but unable to execute or find the right payload (can't figure out which is the problem). Messed around with file name manipulation while uploading with burp to no avail. Can anyone give me a bit of a nudge on how to get any presence on this box? PM if possible.

  • Found a file I can upload and mess with... just can't figure out which coding language / syntax to utilize to take advantage of it...

  • got a shell. Any tips for finding user.txt? I feel like im missing something

  • It's a windows box.. all the users are in a certain users folder.. all users have a desktop..

  • Hi I found rce.It is working sometime but it isn't working sometime Why?..Hint Please PM..

  • @RageQuit, yeah I missed the obvious there somehow. Stuck on Privesc now, any hints would be appreciated

  • Im probably missing something stupid. I can run almost any command I want on the machine using an uploaded web command shell, except for getting a reverse shell which results in a 500 error. Any hints on where I should look next? Thanks

  • Rooted the box last night. :smile:

    Really good box, I learned a lot. Thank you @mrb3n

  • I don't get it. Everyone gets root so easily yet here I am.. trying every privesc exploit from x86 and x64 suggesters and still staying as a user.. :/

    Thun

  • @Thun said:
    I don't get it. Everyone gets root so easily yet here I am.. trying every privesc exploit from x86 and x64 suggesters and still staying as a user.. :/

    same place ;(

    I don't have Signature...

  • Struggling to figure out what to upload. Tried all of the things I can think of and still getting Invalid File. Any hints for how I can figure this out or do I just need to iterate through even more?

  • Can someone please let me know what kind of payload to use. I know what file I need to upload but I keep getting 500 error whenever I try to access it after doing the upload

  • edited July 2018

    Finally got it! Awesome box!

    sx02089

  • what wordlist are u guys normally using to find the directories? i been enumerating this box for a whole day and found couple of 301 directories and when i tried to access all are 403 forbidden and an aspnet_client directory. cant rather find the directory to upload as there were people mentioning in this thread that there is a directory where we can upload for rce. a nudge in the correct path would be gud.
    i also exif the image where 2 similar images were in it.

    Strolling33

  • @strolling33 said:
    what wordlist are u guys normally using to find the directories? i been enumerating this box for a whole day and found couple of 301 directories and when i tried to access all are 403 forbidden and an aspnet_client directory. cant rather find the directory to upload as there were people mentioning in this thread that there is a directory where we can upload for rce. a nudge in the correct path would be gud.
    i also exif the image where 2 similar images were in it.

    Are you searching for files as well as directories? Think about what file extensions you are searching for. What type of web server is it, and what framework is running on it? What type of files may you find used by that framework?

  • I have code execution on host, but any type of msf venom payload I try just returns a 500 error. I know what architecture the machine I running, what variant of host os, and have tried various types of shell, reverse/bind/powershell. Have tried enumerating machine from within the command based webshell, but still no shell. Any guidance? Thanks

  • Can someone give me hint on the initial attack vector on this machine? dirb and burp havent given me luck in this challenge.

  • edited July 2018

    @MaTRiX13 said:
    Hi I found rce.It is working sometime but it isn't working sometime Why?..Hint Please PM..

    I see the same effect. Anyway there's a delayed script every seconds which it's deleting content. I don't know why sometimes is working and sometimes is not. It's not a problem of refreshing browser and I get 404 error.

  • Can someone give me hint how to bypass the upload? I tried many techniques, but unsuccessfully.

  • rename :)

  • finally i got root
    take many day for finding exploit :D

    I don't have Signature...

Sign In to comment.