Stratosphere

@kekra said:
Rooted after a kind soul helped me out of a very deep rabbit hole. Somebody in this discussion thread said something like: “You need only basic scripting skills for priv esc” and this is really true. With hindsight it was “easy” - you say to yourself (if you have ever written any script in that language that was more advanced than Hello World) “I should have known that”.

Not that it was not super interesting to learn in detail about the *** debugger and how it cannot deal with different threads - but it was not really required…

just fyi you don’t even need to know how to know scripting for priv esc, just a firm grasp on googling skills

any little hint for privesc?

Rooted. This box was pretty neat. :slight_smile:

I found a webapp with actions. I think i also know the vulnerability hat needs to be exploited but all my attempts failed. Can anyone PM me? I’d like to know whether I’m running into the wrong direction.

Can someone help me out on how to pass that password to the service? It keeps giving me event not found error when I try to use it with the RCE. I tried all kinds of different quotes variations but still get the same error…

This box is all about public exploit and vulnerability. You can easily solve this box if you have a good enum. PM me if you need more hints.

What do people mean when they refer to actions?

A pm would be appreciated?

I’m go to last step but got something like this:
sh: 1: ***.py: Permission denied

anyone pls nudge me :cry:

Just rooted it. :smile:

I have RCE but I dont know what to do anymore … Ive Literally looked through the full machine without a proper shell. L I T E R A L L Y the full machine. Ive mapped out all the directories still couldnt find anything . I read something about an xml file but they dont contain anything useful besides a keyring reference which im about to check out. But thats my last hope. pls gimme a hint .

Hi beautiful people can some great mind give me a hint? I am stuck on enumeration… Do I need to start my attack vector from ssh?

So I’ve managed RCE. I’ve got the creds and I know where they are to be used, but not sure of the syntax tho. Can anyone please PM me to discuss the same?

@marbew said:
Hi beautiful people can some great mind give me a hint? I am stuck on enumeration… Do I need to start my attack vector from ssh?

look at other service first , not ssh :slight_smile:

Hi, can someone put me in the right direction with priv esc ? I am receiving the “not found” message when I run the .py script.

Really fun box ! Rooted

Mistaken post

got rce on this box but as there is no shell possible due to outbound am finding it really hard to find anything so tips welcome re: how to up/download, list files, as not getting anywhere fast currently and is dull, work, maybe recommend a more stable payload/ exploit … pm please.

nvm looking at root now

Finally rooted, it was a very nice box!
My 2 cents:

  • Getting user takes much more effort than root. Enumeration is the key for foothold!
    Lots of folks complain about getting a stable shell. I didn’t do it, though you need beginners programming skills in python to craft a shell-alike based on the public PoC for the RCE (that’s what I did). Then you need again more enumeration to own the user.
  • For the root, just do not overthink it! There is a rabbit hole big time! So do not try to go the steps of that “rabbit hole”, instead just read its first lines and you should understand how to use that in your advantage.

Sorry if I said to much here.

Just got root. This is a very good box and I believe realistic. The hints in this thread are helpful. Use what you have to gain the a low privilege shell. Once inside, look what stands out, and google what you are trying to do.

hey i am stuck in don’t know from where to get the creds for manager can anyone please Pm me or give me a hint i am on right track on missing something