Dev0ops hints

This machine is really awesome. Actually I was crazy for a moment but @Didakt comment rescue me. Thanks @lokori ,@Didakt

Rooted! Great Box ā€¦ Learned a lot from this oneā€¦ Thanks @lokori

Iā€™ve tried modifying the payload, but seems like Iā€™m missing something. Maybe thereā€™s more to the eye on the u page?

I need help. I could not find anything except the ports. Any hint?
edit, was stupid enough. nvm

I need some help with user.txt, I already know the vulnerability and how to get RCE from it (Similar to aragog since I already got the user of that). However, this application does not show the output of the LFI, which I am trying to redirect to myself at a http or ftp server. However, does not seem to work by any reasons. Can someone PM about it.

This was fun @lokori. I enjoyed this machine. Keep up the good work mate. I really liked the way you left subtle hints to not land in rabbit hole and keep progressing.
For those who are still on this machine, you need to be a spider killer, and be Marty at the same time! :smiley:

Hello guys, I have some doubts on the payload, through XML I can see some important files but I canā€™t launch commands (maybe for a reverse shellā€¦ I donā€™t know if Iā€™m on the right track!)

Any suggestions in PM?

Well, I need some push with that xml. I am trying to upload classical XML, when I tested XML injection, I was able to delay server response, but I am not able to get anywhere. I udnerstand I should format it author/subject/content in some article, or feed, or something, but only 200 response I get is when I do not upload file with xml ending.
Maybe I am just too tired, but hint is very welcome:D

I rooted this thanks to @msslaughter and @SpZ. PM me if you need help

OK. I am able to send XML to server. I am able to send request to myself from server. But thats all. Is there any hint where should I look to see my uploads? Or how should I proceed from here?

See if there any other files you can read that can help you connect to the server

@karelchajim said:
OK. I am able to send XML to server. I am able to send request to myself from server. But thats all. Is there any hint where should I look to see my uploads? Or how should I proceed from here?

see you nmap scan againā€¦ think how can u use those port with xml

rooted!
if you want hints you can ask me.

I got user.txt (without gaining a shell onto the box). Do you require an existing shell to get root or is the information available through xml enough?

@UserAlpha said:
I got user.txt (without gaining a shell onto the box). Do you require an existing shell to get root or is the information available through xml enough?

Think of ways, how you can login to a machine. You donā€™t have to pop a reverse shell.

@0x23B said:

@UserAlpha said:
I got user.txt (without gaining a shell onto the box). Do you require an existing shell to get root or is the information available through xml enough?

Think of ways, how you can login to a machine. You donā€™t have to pop a reverse shell.

Was using the wrong identity file. Thanks - in as low priv user. Time to try escalate.

@0x23B said:

@UserAlpha said:
I got user.txt (without gaining a shell onto the box). Do you require an existing shell to get root or is the information available through xml enough?

Think of ways, how you can login to a machine. You donā€™t have to pop a reverse shell.

Got root. Thankā€™s again.

Would someone point me in the direction of using the upload syntax? Iā€™ve been playing around with an online validator but correct syntax/structure in the validator still yields nothing.I cannot seem to get any sort of response other than the Internal Server Error. PMs welcome.

Stuck at priv esc, any hints?

I just rooted this machine tonight after over thinking the path for priv esc. For those of you having problems with it here are some tips:

  • Re-read the posts here
  • Re-read what you have enumerated (files, services, apps)
  • Read the file again until you see what you have been scrolling past for hours

@lokori thanks for creating this machine! It has been the most rewarding one I have worked on so far. Got to play with a lot of different techniques I havent used yet, learned a lot.

Cheersā€¦ On to the next oneā€¦