Bounty

I struggled with the user portion because the way it’s supposed to be done is not that obvious imo - probably a good thing for a challenge lol. Privesc is trivial though.

can’t even get the initial foothold haha :''v

I’ve found where I can upload, and where my uploaded stuff goes to. I have not been able to get RCE from there though. When I bypass the upload filter a few different ways I just get 404 at their destination, or non executable payloads. Any hints on what I might be missing, would appreciate any guidance.

@deadbear said:
I’ve found where I can upload, and where my uploaded stuff goes to. I have not been able to get RCE from there though. When I bypass the upload filter a few different ways I just get 404 at their destination, or non executable payloads. Any hints on what I might be missing, would appreciate any guidance.

same situation here, can someone pm me for help ?

@dhar40k said:

@deadbear said:
I’ve found where I can upload, and where my uploaded stuff goes to. I have not been able to get RCE from there though. When I bypass the upload filter a few different ways I just get 404 at their destination, or non executable payloads. Any hints on what I might be missing, would appreciate any guidance.

same situation here, can someone pm me for help ?

Perhaps others found different solutions, but what worked for me was not trying to bypass the filter at all. I Just uploaded the file it will accept and put minimal code into that file.

For those who are struggling to get the initial foothold, be assured that I struggled for a very long time to get user on this box, and it was a great learning experience. If you’ve enumerated enough, the clues given in this forum are enough to get you there.

Maybe it’s the type of file you’re uploading… Maybe it’s less common file extension and can run from that file directly

some PM me which mfsvenom or reverse shell i have an idia of how to but i am having bad luck uploading the payload tried too many… some PM with hints thank s

I’m stucked at priv esc. Feel free to PM to help me :wink:

Rooted! That was a really fun initial shell! If you’re struggling with privesc, take a step back and don’t over complicate it! Google has the answer, enumerate more :slight_smile:

finally got SYSTEM on this box. PM for hints

Can someone PM me regarding file upload. Don’t want to put any potential spoilers here…

i’m still not able to figure out how reverse shell is achievable. i’ve tried multiple ways to upload files, but still not getting anything.

Edit: nvm this box is fun! New things to learn! Thank you @mrb3n !

@wildkindcc said:
Rooted! That was a really fun initial shell! If you’re struggling with privesc, take a step back and don’t over complicate it! Google has the answer, enumerate more :slight_smile:

I don’t get the point :smiley:
edit: nvm, got it! :slight_smile:

I’m pretty much beating my head against the wall here. Can someone PM me some hints. I’ve enumerated, tried numerous uploads and I’m out of ideas.

Spoiler Removed - Arrexel

I have the CVE exploit uploaded and in place. I cannot figure out how to leverage it for System owning. Can anyone DM me with a hint please?

@laylow That part is frustrating. You only have about a 30 second window to get in before it gets overwritten. This box is best attempted in the middle of the day when people are at work.

@C3PJoe said:
@laylow That part is frustrating. You only have about a 30 second window to get in before it gets overwritten. This box is best attempted in the middle of the day when people are at work.

man i am from australia so i can only attemp when this time. problem is i get to start to work with australians any team australians around at all…

also man you are 100% right mate… soo frustrating i loud my files get to inside server threw the web interface i got both username but i can’t get inside the folders even tho i have even changed the password for both users i dont get enough time to do it cos asson i go for some friking crushs or overs right the stupid file. i can,t even get chance to uploude a excutible file can’t netcat also cos it crushs by the time i finsih all my staff can you pm what payloud you using i tried to open session but it just fails

Spoiler Removed - Arrexel

people. stop fucking up the box!

rooted finally! this box was a fun ride!