Stratosphere

What do people mean when they refer to actions?

A pm would be appreciated?

I got to the last step but got something like this:
sh: 1: ***.py: Permission denied

anyone pls nudge me :cry:

Just rooted it. :smile:

I have RCE but I don’t know what to do anymore … I’ve literally looked through the full machine without a proper shell. L I T E R A L L Y the full machine. I’ve mapped out all the directories and still couldn’t find anything. I read something about an xml file but they don’t contain anything useful besides a keyring reference which I’m about to check out. But that’s my last hope. Pls gimme a hint.

Hi beautiful people can some great mind give me a hint? I am stuck on enumeration… Do I need to start my attack vector from ssh?

So I’ve managed RCE. I’ve got the creds and I know where they are to be used, but not sure of the syntax tho. Can anyone please PM me to discuss the same?

@marbew said:
Hi beautiful people can some great mind give me a hint? I am stuck on enumeration… Do I need to start my attack vector from ssh?

Look at other services first, not ssh :slight_smile:

Hi, can someone point me in the right direction with priv esc? I am receiving the “not found” message when I run the .py script.

Really fun box! Rooted

Mistaken post

Got RCE on this box, but as there is no shell possible due to outbound, I am finding it really hard to find anything, so tips welcome re: how to up/download and list files, as I’m not getting anywhere fast currently and it is dull work. Maybe recommend a more stable payload/exploit … PM please.

nvm looking at root now

Finally rooted, it was a very nice box!
My 2 cents:

  • Getting user takes much more effort than root. Enumeration is the key for foothold!
    Lots of folks complain about getting a stable shell. I didn’t do it, though you need beginner’s programming skills in Python to craft a shell-alike based on the public PoC for the RCE (that’s what I did). Then you need more enumeration again to own the user.
  • For the root, just do not overthink it! There is a rabbit hole big time! So do not try to go through the steps of that “rabbit hole”; instead just read its first lines and you should understand how to use that to your advantage.

Sorry if I said too much here.

Just got root. This is a very good box and I believe realistic. The hints in this thread are helpful. Use what you have to gain a low privilege shell. Once inside, look at what stands out, and google what you are trying to do.

Hey, I am stuck and don’t know where to get the creds for manager. Can anyone please PM me or give me a hint? Am I on the right track or missing something?

Incredible root! So simple but clever. Learned a lot with this box!

I have burnt several dicts and I didn’t find any foothold. I have an idea of the vuln but no entry URL to aim at. Can somebody give me a hint?

Stuck with .py for second day… Could anyone help me a little?

Can someone PM me on the RCE?

Got RCE and the three credentials, been doing enum for a few days. Can someone point in the right direction on how to use the credentials?

@c2600 said:
Got RCE and the three credentials, been doing enum for a few days. Can someone point in the right direction on how to use the credentials?

Just the same… Can I PM somebody to ask a few questions?