Canape

@kekra said:
Great box - no ‘obvious guesses’ involved, you can build up the ‘exploit’ step by step.

Seems I was lucky with the reverse shell - it worked right away and was very stable, so I did not try to work around the ‘remaining expected error’. My advice is to 1) build up a non-malicious pe gradually, so that you can be sure that the server unps it nicely. 2) Then add a payload and keep it as simple as possible.

As others have said, create your own scripts to replicate what the server does. If you review the code, see how you can ‘activate’ / ‘deactivate’ a payload so that you might tell issues with encoding etc. from issues with the actual payload.

For escalating to user: Don’t be too aggressive with published exploits, just look around :) Escalation to root - no surprises: Follow the standard procedure, google a bit.

My payload works fine: Server gives me a quote response
My malicious code works fine: I tested with the function (the same function as in the source code)
My payload with malicious code gives me a 500 error
I saw the response result and I think I saw the problem, but I don’t know what to do next. Thanks for any hint!