I have been working on this box for several days now, trying to get a shell running. I’ve tried several ways, but none of them work. My meterpreter shell gets the connection but quits after “Sending stage”, and another reverse shell also closes immediately.
I know the server, the supported file type and the supported language, but the reverse shell part drives me crazy… Any hints?
I struggled with the user portion because the way it’s supposed to be done is not that obvious imo - probably a good thing for a challenge lol. Privesc is trivial though.
I’ve found where I can upload, and where my uploaded stuff goes to. I have not been able to get RCE from there though. When I bypass the upload filter a few different ways I just get 404 at their destination, or non executable payloads. Any hints on what I might be missing, would appreciate any guidance.
@deadbear said:
I’ve found where I can upload, and where my uploaded stuff goes to. I have not been able to get RCE from there though. When I bypass the upload filter a few different ways I just get 404 at their destination, or non executable payloads. Any hints on what I might be missing, would appreciate any guidance.
Same situation here, can someone PM me for help?
Perhaps others found different solutions, but what worked for me was not trying to bypass the filter at all. I just uploaded the file it will accept and put minimal code into that file.
For those who are struggling to get the initial foothold, be assured that I struggled for a very long time to get user on this box, and it was a great learning experience. If you’ve enumerated enough, the clues given in this forum are enough to get you there.
Someone PM me which msfvenom or reverse shell. I have an idea of how to, but I am having bad luck uploading the payload, tried too many… Someone PM with hints, thanks.
Rooted! That was a really fun initial shell! If you’re struggling with privesc, take a step back and don’t overcomplicate it! Google has the answer, enumerate more.