Canape

@Bear said:
Relax. Take a rest, have a lay down on a type of sofa/chair and see what’s running on the box.

Joking no kitteh ded - got flags already. Loved this box - maybe too easy but 11/10 would pwn again…

Complex.
Very complex box.
I would wait for this box to retire and see how to solve it. This one is tougher than other boxes (along with silo).

I have a love / hate relationship with this box. I love the things I’ve had to learn to get onto the box (albeit in a rubbish shell with no privs). I hate the constant failure at getting creds out of the DB.

Still, when I eventually get user or root, I will cheer me up…

:smile:

So I cracked and came back to this tonight - a bit of time with the DB manpages and I’ve to usernames and passwords out of the DB. Tomorrow I get the “fun” task of working out where to use them…

Can anybody give me a clue about RCE? I could not succeed in making it work. I am getting badcharerror. I think the source of the error is a char, but I could not find a way to bypass it.

Rooted!!! Finally, after a long long ride, it’s been a fun, frustrating, and complex road. Learnt a lot from this box… Any help or nudge wanted, you guys can PM me on Discord [vrvik#7626]

I’ve been in the low-priv (s)■■■■ forever. Enumerated all files I can back and forth, and nothing comes to focus. If anyone has a hint on getting from www-data to the next level, please share :slight_smile:

pls help, can’t copy/clone the repository?? Is that supposed to happen…

@yazid101 said:
pls help, can’t copy/clone the repository?? Is that supposed to happen…

I’m sure there must be some way to uncoil the snake from around this glassss…

I am confused… I have the source code, but I am struggling to understand what I can do with this. I am trying to host it locally by throwing a clone into /var/www/html but I don’t know enough about hosting an Apache2 site, apparently… Anyone wanna shoot me a tip?

Eyy guys! First comment here, I’m very stuck on RCE… something must be misunderstood by me for sure because when I execute the vulnerability in c**** with any kind of payload I always receive 400 as error code, I have seen many of you have received 500…
Can anyone give a little hint about this error? Thx!

@NorbaK said:
Eyy guys! First comment here, I’m very stuck on RCE… something must be misunderstood by me for sure because when I execute the vulnerability in c**** with any kind of payload I always receive 400 as error code, I have seen many of you have received 500…
Can anyone give a little hint about this error? Thx!

I already have this one,
HINT for whoever is in the same situation: try to find some application to run locally and analyze its code

Hello everyone,
I have a problem. I analyzed the code and I have a working payload on the local machine. The problem is that it is not working on the remote host. I tried many variations but I can’t figure out what’s wrong. Can someone PM me for a hint?

@TazWake said:
So I cracked and came back to this tonight - a bit of time with the DB manpages and I’ve to usernames and passwords out of the DB. Tomorrow I get the “fun” task of working out where to use them…

I’m in the same situation, it seems like it must be possible to “login” with that password as the user h***r but using the typical commands “su”, “sudo”, … no way!

Just finished it. Amazing box! If anyone needs a nudge PM me.

Just rooted this amazing machine! All the boxes seem impossible at start but Canape is pure ■■■■! It was frustrating to stay for days stuck, but more re-comforting than others at all! If anyone needs help PM me.

I have accessed www, which is web directory permission. I need to go deeper to dump both user.txt and root.txt

Can someone give me a hint regarding the initial pickle situation? I have a payload that is working locally, but I keep getting 500 errors when I send it to canape using the Python requests library

Am I missing a port during enumeration?

I keep getting a 500 response? Can someone help me?