Bounty

Right, finally managed RCE to get the user flag, No progress on getting a reverse shell working or priv escalation

rooted… for priv esc I SUGGEST, look for all available vulnerabilities on the system.

Stuck on upload for days now. Tried various extensions bypass. Tried generating various types of payloads, php, asp, aspx. etc. All without success. PM please.

@jadepyc said:
Stuck on upload for days now. Tried various extensions bypass. Tried generating various types of payloads, php, asp, aspx. etc. All without success. PM please.

same here, for any file extension that whould allow me to run code I just get a 404. Can I PM somebody for any hint?

PM me if need help on payload

I am trying to get a shell on this box, but I have issues. I found an exploit that could potentially execute shellcode for me, but it requires FTP to be open. The problem is that zenmap says that this port is closed, and if I try to connect “manually” I get a connection timeout. Also I tried to reset the box and try again, but I got the same result. Am I in the right track, or I am banging my head against the wall ?

If uploading payloads directly doesn’t work. Then maybe you should look into other avenues. Like a file type that will give you code execution.

Everything doesn’t have to be easy straight forward as directly upload a payload and pop shells.

There is a Certain Utility that makes the most of living off the land when all you have is code execution.

Finally figured out the upload method. Thanks to the hints about extensions. I gritted my teeth and did a brute force to find all valid extensions. Working on payload now.

finally rooted. learn a lot of new things

Finally rooted. Learnt patience and perseverance mostly :slight_smile:

I really have issues to establish a reverse shell.
I tried so many ways but it doesn’t works. I tried with wee**** but the connection crashes all the time.
Someone could give me a hint?

@Fluxx79 said:
I really have issues to establish a reverse shell.
I tried so many ways but it doesn’t works. I tried with wee**** but the connection crashes all the time.
Someone could give me a hint?

Powershell.

@mochan said:

@Fluxx79 said:
I really have issues to establish a reverse shell.
I tried so many ways but it doesn’t works. I tried with wee**** but the connection crashes all the time.
Someone could give me a hint?

Powershell.

Thx mochan
But I just don’t get it.
I figured out what file extensions are allowed when I try to get a connection to the shell I fail. I tested with other files, they work like a charm, but the shell fails.
Can you give me another hint?

Would someone be able to ping me a dm, I have questions on the initial foothold. I’ve worked through a lot of venom payloads and several techniques to bypass the file type filters. I just need a little nudge in the right direction.

Instead of focusing on getting a shell, how about looking to see if you can get RCE.

aaah, I think i’m on to something. Thanks.

Wow… it’s easy to overthink this one. Different extensions may not just function as ‘standard’ ones might.

can anyone PM me i need help. I am stuck on Priv escalation …

Spoiler Removed - Arrexel

This simply means that there is some sort of file upload functionality in this machine which might get me to shell. But I can’t figure out the resource where i can go and try exploit this issue.

I know I can enumerate this machine once more, but this machine resets so quickly that my scan results returns nothing. So, Instead of going through the whole process I have decided to drop a comment here. If I can get a hint on how to proceed further I may be able to do it quicker .

Hi people ! Can someone send me a PM about download/exec through webshell ? Got Webshell, users.txt, but keep crashing while trying oneliners download exec. Thanks in advance ! (Got the list of allowed extensions too, Maybe I Overthink …)