Bounty

I'm really having issues establishing a reverse shell.
I tried so many ways but it doesn’t work. I tried with wee**** but the connection crashes all the time.
Could someone give me a hint?

@Fluxx79 said:
I'm really having issues establishing a reverse shell.
I tried so many ways but it doesn’t work. I tried with wee**** but the connection crashes all the time.
Could someone give me a hint?

Powershell.

@mochan said:

@Fluxx79 said:
I'm really having issues establishing a reverse shell.
I tried so many ways but it doesn’t work. I tried with wee**** but the connection crashes all the time.
Could someone give me a hint?

Powershell.

Thx mochan
But I just don’t get it.
I figured out what file extensions are allowed. When I try to get a connection to the shell, I fail. I tested with other files, they work like a charm, but the shell fails.
Can you give me another hint?

Would someone be able to ping me a DM? I have questions on the initial foothold. I’ve worked through a lot of venom payloads and several techniques to bypass the file type filters. I just need a little nudge in the right direction.

Instead of focusing on getting a shell, how about looking to see if you can get RCE?

Aaah, I think I’m on to something. Thanks.

Wow… it’s easy to overthink this one. Different extensions may not just function as ‘standard’ ones might.

Can anyone PM me? I need help. I am stuck on priv escalation …

Spoiler Removed - Arrexel

This simply means that there is some sort of file upload functionality in this machine which might get me to shell. But I can’t figure out the resource where I can go and try to exploit this issue.

I know I can enumerate this machine once more, but this machine resets so quickly that my scan results return nothing. So, instead of going through the whole process, I have decided to drop a comment here. If I can get a hint on how to proceed further I may be able to do it quicker.

Hi people! Can someone send me a PM about download/exec through webshell? Got webshell, users.txt, but keep crashing while trying oneliners download exec. Thanks in advance! (Got the list of allowed extensions too, maybe I overthink …)

Any hints on the file ext? I found a bunch that work, but nothing that I can use.

Edit: Nevermind, got it! Time for what seems to be a frustrating user flag. Oh boy.

I got a stable meterpreter shell for user, but cannot find the user.txt file anywhere. Even tried to search with dir /s user.txt, but File Not Found.

Edit: Spoiler Removed - Arrexel

Finally got root after more than 3 weeks. Lesson learned from this box: Powershell reverse shell is not the same as meterpreter reverse shell O_ô

Anyone working Bounty that could PM me? Got some RCE on file upload but stuck on next steps. I have played with arch but can’t get anything but 500.

How is everyone finding where the file is uploaded? Is anyone willing to PM me with a nudge in the right direction? Please. I can’t figure out where my uploads are going. THX

Got RCE, having trouble moving files over to the Windows machine.

Anyone to PM?

I know which file extension is able to bypass the check and I have basic rce but I have no idea how to execute system commands. I always get a “500 - Internal server error”. Can someone pm me?

Edit: I still can’t verify RCE, I can verify an image file upload. But none of the PoCs I’ve tried have worked for RCE. I’m trying more than one method, but neither works. I either get the 500 error when trying the we*****ig or cannot be displayed with the other method.
Is anyone here willing to give a little help via PM? I’m really stuck here, I’m to the point I’m not making any progress.

OK, am lost here… been banging away at this box for way too long. I know where to upload. I have tried various webshells and RCEs but nothing. Every time I browse to the upload directory, it's either a 500 or 404… really need a clue

@aelric said:
OK, am lost here… been banging away at this box for way too long. I know where to upload. I have tried various webshells and RCEs but nothing. Every time I browse to the upload directory, it's either a 500 or 404… really need a clue

Same here. I’ve tried every combination of public PoC, and have added numerous variants of code myself. And all I get is the 500 error code at first, then after 30 seconds get the 400.
I’ve gone over the PoC line by line, and changed little things while trying each time with the same outcome (500 error). I’ve used PoCs from PayloadsAllTheThings, and tried it with so many different alternatives that I’ve lost count. I can’t understand how so many people got RCE so easily, while I can’t even get the slightest sign of RCE.
Anyone willing to help at all? Please PM!!