Bounty

i am this box too much breaking but at last done. biggggest thanks to one man that Pzylence top block!

@IVWKCSEC said:
Stuck trying to turn the RCE I’ve managed to become a reverse shell.

Tried both direct reverse shell + uploading shells not nothing seems to work currently. Any pointers ?

dm me.

Stuck on priv esc, also the user.txt seems to have disappeared? Searched everywhere incl Desktop, only found a .lnk file referring to it. please feel free to PM me :slight_smile:

Anyone willing to pass on a hint for Priv Esc? I’ve been banging my head against the wall for several hours trying to find stuff like passwords, and manual enumeration on just about every file I seem to have access to. There must be something staring me right in the face… Thanks in advance!

Edit: nvm

Come on! someone delete my shell every time, i don’t get this for a minute !!!

Rooted !

Finally rooted! Thanks @laylow

ugh this is killing me, I upload the “file” and try to navigate to it and it says 404. Nudge?

Got user flag, but can’t seem to get reverse shell going. Tried msfvenom, but getting nowhere, please PM

@km0xu95 said:
Finally rooted! Thanks @laylow

you welcome good work bro!!

man some machines are easy for me some how but some soooo hard!! especialy linux need to work more on those. still newbee tho lol!!!

Can somebody pm me with a hint on catching a reverse shell? I’ve tried multiple extensions but not catching a callback… just need a push in the right direction!

Right, finally managed RCE to get the user flag, No progress on getting a reverse shell working or priv escalation

rooted… for priv esc I SUGGEST, look for all available vulnerabilities on the system.

Stuck on upload for days now. Tried various extensions bypass. Tried generating various types of payloads, php, asp, aspx. etc. All without success. PM please.

@jadepyc said:
Stuck on upload for days now. Tried various extensions bypass. Tried generating various types of payloads, php, asp, aspx. etc. All without success. PM please.

same here, for any file extension that whould allow me to run code I just get a 404. Can I PM somebody for any hint?

PM me if need help on payload

I am trying to get a shell on this box, but I have issues. I found an exploit that could potentially execute shellcode for me, but it requires FTP to be open. The problem is that zenmap says that this port is closed, and if I try to connect “manually” I get a connection timeout. Also I tried to reset the box and try again, but I got the same result. Am I in the right track, or I am banging my head against the wall ?

If uploading payloads directly doesn’t work. Then maybe you should look into other avenues. Like a file type that will give you code execution.

Everything doesn’t have to be easy straight forward as directly upload a payload and pop shells.

There is a Certain Utility that makes the most of living off the land when all you have is code execution.

Finally figured out the upload method. Thanks to the hints about extensions. I gritted my teeth and did a brute force to find all valid extensions. Working on payload now.