Bounty

Reverse shell seems a little bit tough and unstable.

I finally got the user and want to share some important steps with you:

  • There are some rabbit holes!
  • Do a proper enumeration
  • When you find out what kind of data can be “injected”, you’re probably on the right track, keep going, there is more
  • It’s very easy to verify RCE (like “copy, paste, verify” - that kind of easy)
  • Now you have to find the right payload, which is not that easy, but possible. Shorter payloads will help you understand issues :wink:

Can anybody PM me, I'm so stupid - I can upload files, but can't take a shell or smth like that(

@kiriknik said:
Can anybody PM me, I'm so stupid - I can upload files, but can't take a shell or smth like that(

PM’d

Can someone PM me on what kind of payload I should upload?
I found a few extensions that are whitelisted but am very lost on what to do next.

I struggled with the user portion because the way it’s supposed to be done is not that obvious imo - probably a good thing for a challenge lol. Privesc is trivial though.

can’t even get the initial foothold haha :''v

I’ve found where I can upload, and where my uploaded stuff goes to. I have not been able to get RCE from there though. When I bypass the upload filter a few different ways I just get 404 at their destination, or non executable payloads. Any hints on what I might be missing, would appreciate any guidance.

@deadbear said:
I’ve found where I can upload, and where my uploaded stuff goes to. I have not been able to get RCE from there though. When I bypass the upload filter a few different ways I just get 404 at their destination, or non executable payloads. Any hints on what I might be missing, would appreciate any guidance.

Same situation here, can someone PM me for help?

@dhar40k said:

@deadbear said:
I’ve found where I can upload, and where my uploaded stuff goes to. I have not been able to get RCE from there though. When I bypass the upload filter a few different ways I just get 404 at their destination, or non executable payloads. Any hints on what I might be missing, would appreciate any guidance.

Same situation here, can someone PM me for help?

Perhaps others found different solutions, but what worked for me was not trying to bypass the filter at all. I just uploaded the file it will accept and put minimal code into that file.

For those who are struggling to get the initial foothold, be assured that I struggled for a very long time to get user on this box, and it was a great learning experience. If you’ve enumerated enough, the clues given in this forum are enough to get you there.

Maybe it’s the type of file you’re uploading… Maybe it’s a less common file extension and can run from that file directly

Someone PM me which msfvenom or reverse shell. I have an idea of how to, but I am having bad luck uploading the payload, tried too many… Someone PM with hints, thanks

I’m stuck at priv esc. Feel free to PM to help me :wink:

Rooted! That was a really fun initial shell! If you’re struggling with privesc, take a step back and don’t overcomplicate it! Google has the answer, enumerate more :slight_smile:

Finally got SYSTEM on this box. PM for hints

Can someone PM me regarding file upload. Don’t want to put any potential spoilers here…

I’m still not able to figure out how reverse shell is achievable. I’ve tried multiple ways to upload files, but still not getting anything.

Edit: nvm this box is fun! New things to learn! Thank you @mrb3n !

@wildkindcc said:
Rooted! That was a really fun initial shell! If you’re struggling with privesc, take a step back and don’t overcomplicate it! Google has the answer, enumerate more :slight_smile:

I don’t get the point :smiley:
edit: nvm, got it! :slight_smile:

I’m pretty much beating my head against the wall here. Can someone PM me some hints. I’ve enumerated, tried numerous uploads and I’m out of ideas.

Spoiler Removed - Arrexel