Bounty

I am trying to get a shell on this box, but I have issues. I found an exploit that could potentially execute shellcode for me, but it requires FTP to be open. The problem is that zenmap says that this port is closed, and if I try to connect “manually” I get a connection timeout. Also I tried to reset the box and try again, but I got the same result. Am I on the right track, or am I banging my head against the wall?

If uploading payloads directly doesn’t work, then maybe you should look into other avenues, like a file type that will give you code execution.

Everything doesn’t have to be as easy and straightforward as directly uploading a payload and popping shells.

There is a Certain Utility that makes the most of living off the land when all you have is code execution.

Finally figured out the upload method. Thanks to the hints about extensions. I gritted my teeth and did a brute force to find all valid extensions. Working on payload now.

Finally rooted. Learned a lot of new things.

Finally rooted. Learnt patience and perseverance mostly :)

I really have issues establishing a reverse shell.
I tried so many ways but it doesn’t work. I tried with wee**** but the connection crashes all the time.
Could someone give me a hint?

@Fluxx79 said:
I really have issues establishing a reverse shell.
I tried so many ways but it doesn’t work. I tried with wee**** but the connection crashes all the time.
Could someone give me a hint?

Powershell.

@mochan said:

@Fluxx79 said:
I really have issues establishing a reverse shell.
I tried so many ways but it doesn’t work. I tried with wee**** but the connection crashes all the time.
Could someone give me a hint?

Powershell.

Thx mochan
But I just don’t get it.
I figured out what file extensions are allowed. When I try to get a connection to the shell, I fail. I tested with other files, they work like a charm, but the shell fails.
Can you give me another hint?

Would someone be able to ping me a dm, I have questions on the initial foothold. I’ve worked through a lot of venom payloads and several techniques to bypass the file type filters. I just need a little nudge in the right direction.

Instead of focusing on getting a shell, how about looking to see if you can get RCE.

Aaah, I think I’m on to something. Thanks.

Wow… it’s easy to overthink this one. Different extensions may not just function as ‘standard’ ones might.

Can anyone PM me? I need help. I am stuck on priv escalation…

Spoiler Removed - Arrexel

This simply means that there is some sort of file upload functionality in this machine which might get me to shell. But I can’t figure out the resource where I can go and try to exploit this issue.

I know I can enumerate this machine once more, but this machine resets so quickly that my scan results return nothing. So, instead of going through the whole process I have decided to drop a comment here. If I can get a hint on how to proceed further I may be able to do it quicker.

Hi people! Can someone send me a PM about download/exec through webshell? Got webshell, users.txt, but keep crashing while trying one-liners download exec. Thanks in advance! (Got the list of allowed extensions too, maybe I overthink…)

Any hints on the file ext? I found a bunch that work, but nothing that I can use.

Edit: Nevermind, got it! Time for what seems to be a frustrating user flag. Oh boy.

I got a stable meterpreter shell for user, but can not find user.txt file anywhere. Even tried to search with dir /s user.txt, but File Not Found.

Edit: Spoiler Removed - Arrexel

Finally got root after more than 3 weeks. Lesson learned from this box: Powershell reverse shell is not the same as meterpreter reverse shell O_ô

Anyone working Bounty that could PM me? Got some RCE on file upload but stuck on next steps. I have played with arch but can’t get anything but 500.

How is everyone finding where the file is uploaded? Is anyone willing to PM me with a nudge in the right direction? Please. I can’t figure out where my uploads are going. THX