Stratosphere

@nabuhodanosor said:

@xenofon said:
Hey guys, I am in the middle of something really weird… I used a famous exploit for the box, st***-*wn.py, and it gave an error "ChunkedEncodingError Error: Making another request to the url." but when I am on the terminal of PyCharm it’s working well, and I have RCE at all the .action files… WHAT IS GOING ON???

It doesn’t really matter where you are getting RCE from - your OS terminal or PyCharm terminal. If you got RCE, you have all you need to move forward.

It’s true that, and thanks for the reply, but I was wondering why this is happening. Anyway, I found another exploit for this vuln and it’s working fine… I am trying to reverse shell now but nothing is happening… I don’t know, I will do more searching on the box.

@xenofon said:

@nabuhodanosor said:

@xenofon said:
Hey guys, I am in the middle of something really weird… I used a famous exploit for the box, st***-*wn.py, and it gave an error "ChunkedEncodingError Error: Making another request to the url." but when I am on the terminal of PyCharm it’s working well, and I have RCE at all the .action files… WHAT IS GOING ON???

It doesn’t really matter where you are getting RCE from - your OS terminal or PyCharm terminal. If you got RCE, you have all you need to move forward.

It’s true that, and thanks for the reply, but I was wondering why this is happening. Anyway, I found another exploit for this vuln and it’s working fine… I am trying to reverse shell now but nothing is happening… I don’t know, I will do more searching on the box.

As it was previously mentioned, you don’t need a reverse shell if RCE is working. You are going to waste a lot of time trying to get a reverse shell up and running.

Can anyone give me a hint on root? I think I’ve tried everything, the enum scripts are a bit weak. It could be I am snowblind :(

I am stuck with the last hash, I feel it’s a rabbit hole. Any hints on the right direction?

Don’t even try to crack it, it’s useless. Try with py priv esc.

I ran out of options with root priv, can anyone PM for hints pls.

Yea, super confused with the permissions on the file. If I follow the ‘old version’ method, I still can’t access the file(s). If I hijack, I can’t do anything greater than user either - not sure if the whole snake area is pointless?

I can’t understand, test owned by root, import hashlib, when we edit hashlib for an OS command like “ls” we should ls root files but I got permission denied. If that, we need the last hash to call success.py which is in root dir.

Think of what you have and CAN do.

Then use that to your advantage for what you couldn’t do initially.

I’ve just completed it… with thanks to @r518 re-iterating what is already known! @waspy, by the sounds of it you are doing it right - just need to understand how to run it.

Finally rooted! HINT: root is very easy if you know basic python scripting.

PLEASE: for anyone that solved this, I would like to discuss how you managed to find the initial right exploit, as I read a hint myself. Please PM me.

@NyaMeeEain - I don’t mean to strut my stuff, being that guy - but check the first few pages of this thread :)

Rooted, thanks for all the help @r518

Got root. Hint: use your power in the right place.

I am banging my head off the wall with this one. The RCE works, I can see the service and I can issue a connection request using the creds but everything else fails. I’ve tried creating scripts and uploading them but that errors out (as others have pointed out, I’ve even spent quite some time trying to get a reverse shell but to no avail).

If anyone is kind enough to PM with a nudge, it would be massively appreciated.

Why not just have a snoop around and see what you find, search some dirs. and output some files - with the RCE that should be possible. wink wink

Keep digging, what else can you find and work with on the box to get more info and maybe even credentials if that file doesn’t work? Keep looking, or as they say here enumerate more.

Got root, but man, good machine but a bit lame at the end… getting root!

Overall good box. Thanks to the creator.