Dev0ops hints

So I found a method to view system files like passwd but that is all I have been able to make it do. I cant get the system to do any processing of commands. Anyone have a suggestions on where to look next for RCE or shell access?

@TheBull369 said:
So I found a method to view system files like passwd but that is all I have been able to make it do. I cant get the system to do any processing of commands. Anyone have a suggestions on where to look next for RCE or shell access?

try to read some other files

Rooted! Hints helped. PM if you need a nudge.

OK rooted.

in order to root this box you have to roughly understand how Spoiler Removed - Arrexel.
This very tough for me, i’m pure infra guy :).

This machine is really awesome. Actually I was crazy for a moment but @Didakt comment rescue me. Thanks @lokori ,@Didakt

Rooted! Great Box … Learned a lot from this one… Thanks @lokori

I’ve tried modifying the payload, but seems like I’m missing something. Maybe there’s more to the eye on the u page?

I need help. I could not find anything except the ports. Any hint?
edit, was stupid enough. nvm

I need some help with user.txt, I already know the vulnerability and how to get RCE from it (Similar to aragog since I already got the user of that). However, this application does not show the output of the LFI, which I am trying to redirect to myself at a http or ftp server. However, does not seem to work by any reasons. Can someone PM about it.

This was fun @lokori. I enjoyed this machine. Keep up the good work mate. I really liked the way you left subtle hints to not land in rabbit hole and keep progressing.
For those who are still on this machine, you need to be a spider killer, and be Marty at the same time! :smiley:

Hello guys, I have some doubts on the payload, through XML I can see some important files but I can’t launch commands (maybe for a reverse shell… I don’t know if I’m on the right track!)

Any suggestions in PM?

Well, I need some push with that xml. I am trying to upload classical XML, when I tested XML injection, I was able to delay server response, but I am not able to get anywhere. I udnerstand I should format it author/subject/content in some article, or feed, or something, but only 200 response I get is when I do not upload file with xml ending.
Maybe I am just too tired, but hint is very welcome:D

I rooted this thanks to @msslaughter and @SpZ. PM me if you need help

OK. I am able to send XML to server. I am able to send request to myself from server. But thats all. Is there any hint where should I look to see my uploads? Or how should I proceed from here?

See if there any other files you can read that can help you connect to the server

@karelchajim said:
OK. I am able to send XML to server. I am able to send request to myself from server. But thats all. Is there any hint where should I look to see my uploads? Or how should I proceed from here?

see you nmap scan again… think how can u use those port with xml

rooted!
if you want hints you can ask me.

I got user.txt (without gaining a shell onto the box). Do you require an existing shell to get root or is the information available through xml enough?

@UserAlpha said:
I got user.txt (without gaining a shell onto the box). Do you require an existing shell to get root or is the information available through xml enough?

Think of ways, how you can login to a machine. You don’t have to pop a reverse shell.

@0x23B said:

@UserAlpha said:
I got user.txt (without gaining a shell onto the box). Do you require an existing shell to get root or is the information available through xml enough?

Think of ways, how you can login to a machine. You don’t have to pop a reverse shell.

Was using the wrong identity file. Thanks - in as low priv user. Time to try escalate.