Bounty

Got user flag, but can’t seem to get reverse shell going. Tried msfvenom, but getting nowhere, please PM

@km0xu95 said:
Finally rooted! Thanks @laylow

you welcome good work bro!!

man some machines are easy for me some how but some soooo hard!! especialy linux need to work more on those. still newbee tho lol!!!

Can somebody pm me with a hint on catching a reverse shell? I’ve tried multiple extensions but not catching a callback… just need a push in the right direction!

Right, finally managed RCE to get the user flag, No progress on getting a reverse shell working or priv escalation

rooted… for priv esc I SUGGEST, look for all available vulnerabilities on the system.

Stuck on upload for days now. Tried various extensions bypass. Tried generating various types of payloads, php, asp, aspx. etc. All without success. PM please.

@jadepyc said:
Stuck on upload for days now. Tried various extensions bypass. Tried generating various types of payloads, php, asp, aspx. etc. All without success. PM please.

same here, for any file extension that whould allow me to run code I just get a 404. Can I PM somebody for any hint?

PM me if need help on payload

I am trying to get a shell on this box, but I have issues. I found an exploit that could potentially execute shellcode for me, but it requires FTP to be open. The problem is that zenmap says that this port is closed, and if I try to connect “manually” I get a connection timeout. Also I tried to reset the box and try again, but I got the same result. Am I in the right track, or I am banging my head against the wall ?

If uploading payloads directly doesn’t work. Then maybe you should look into other avenues. Like a file type that will give you code execution.

Everything doesn’t have to be easy straight forward as directly upload a payload and pop shells.

There is a Certain Utility that makes the most of living off the land when all you have is code execution.

Finally figured out the upload method. Thanks to the hints about extensions. I gritted my teeth and did a brute force to find all valid extensions. Working on payload now.

finally rooted. learn a lot of new things

Finally rooted. Learnt patience and perseverance mostly :slight_smile:

I really have issues to establish a reverse shell.
I tried so many ways but it doesn’t works. I tried with wee**** but the connection crashes all the time.
Someone could give me a hint?

@Fluxx79 said:
I really have issues to establish a reverse shell.
I tried so many ways but it doesn’t works. I tried with wee**** but the connection crashes all the time.
Someone could give me a hint?

Powershell.

@mochan said:

@Fluxx79 said:
I really have issues to establish a reverse shell.
I tried so many ways but it doesn’t works. I tried with wee**** but the connection crashes all the time.
Someone could give me a hint?

Powershell.

Thx mochan
But I just don’t get it.
I figured out what file extensions are allowed when I try to get a connection to the shell I fail. I tested with other files, they work like a charm, but the shell fails.
Can you give me another hint?

Would someone be able to ping me a dm, I have questions on the initial foothold. I’ve worked through a lot of venom payloads and several techniques to bypass the file type filters. I just need a little nudge in the right direction.

Instead of focusing on getting a shell, how about looking to see if you can get RCE.

aaah, I think i’m on to something. Thanks.

Wow… it’s easy to overthink this one. Different extensions may not just function as ‘standard’ ones might.