Dev0ops hints

@moony8272 said:
Hi
Just need a pointer to get the initial foothold on this box, I think I have done enough enumeration and I’m trying to upload something and getting “Internal Server Error”. Am I on the right track??
Any advice would be greatly received!

Look up the format that is being parsed and read the text on the website. You can PM me if you need another nudge.

Not too hard of a box. Was able to figure out with basic enumeration and then looking through the hints on here. Fun box though!

Need help in priv esc. Can anyone send a PM?

Anyone who needs help is welcome to PM me.

Already got an interesting file but definitely don’t know what to do next. Am I right that I need to send something to the ne***st for user.txt?

@iammainul said:
Need help in priv esc. Can anyone send a PM?

Shoot me a message, if you still need help.

I’ve gotten quite a few PMs about this box. I’ve also seen a lot of hints that kind of reiterate the same thing over and over so maybe this will help all those who are stuck.

While the path to root isn’t as complicated as it feels if you’ve been digging around for a while, it’s also not quite as obvious I don’t think as everyone states if you’re new to what you need to work with on this box.

Yes, RTFM is quite a thing and I agree. But to hopefully cut down on the cycle of “I’ve read the hints and done the things and can’t see what I’m missing or if I’m on the right track” I’d like to re-contextualize the hint that’s been repetitiously stated into something that may be of more conceptual aid, without adding any new hints or information.

Think about the things you are looking through/need to look through as a blueprint of a building, and the lines you are looking through in those locations as paths in the building or rooms. You need to find the correct path and room you need to be in. Go through things line by line and if you don’t understand what the line is doing, research until you do. This will help you better be able to read the blueprint and to know which path and rooms are important, which are not, and where to find the tools you need to get into the rooms you need to be in.

Happy Hunting

@Didakt said:
Rooted!
Very cool box, thanks to the creator :)

And the first hint someone gave for priv esc was just perfect:

“Far far ago, there was a man that could view back into the past, and see alternated versions of realities, how did he do that mate?”

Think about it!

Thanks for the box

Cheers. This gave me the nudge I needed :)

rooted! dm me for hints!

finally got root, if someone needs help, just PM me…

After figuring out what I was doing wrong with uploading the XML, I wanted to punch my own face. Basically had the XML formatting correct the whole time but it was the SYNTAX to pay very close attention to combined with the few hints the “developer” left. Hope this doesn’t give away too much, first comment on the forum, 5th “user” I’ve gotten. I think I know where to go with root now. Time to find out. Thanks for the hints to everyone as well. They were exactly what I needed to know I was on the right track, without giving away too much and taking away from the learning experience.

Hopelessly stuck on DevOops. I know the method is similar to Aragog but I can’t find the proper syntax to inject or where to inject it. Please help.

Okay, I’ve found a very interesting page, having a little trouble formatting the peanut butter for my sandwich. PM me if you can help, please.

@Monkey23 the OWASP Top 10 gives you it on a plate

If I put it into the form on the page in file form it comes up in burp all red…do I have to move it outside the number string?

@AgentTiro said:
@Monkey23 the OWASP Top 10 gives you it on a plate

Not exactly, you gotta add the jelly. Thanks though, I got the file.

Thank you all who have helped me to get root. Your help has been the key to me conquering this machine.

I’ll just write a few hints here for the ones who come after:

  1. Initial foothold - pay attention to the upload format, the system has been designed to look out for certain txt.
    If you are not good at the programming language, I suggest going to w3schools for a short brief on the language itself.
  2. On getting user.txt, think of a file that is as good as the password but not the password.
  3. On getting root, like all the others have said, go back in time, so something to do with the history. If you can do a word difference comparison of the file, that will be helpful.

Need any more help, give me a PM :)

@TTYlerDurden said:
The amount of OVER ENGINEERING the solution I did on this box…SMH.
Feel free to PM for nudges.
Thanks @lokori for the great box and the opportunity to learn something new!

I feel like we tried the same things. Just rooted after days of trying to do something that just wasn’t working. Can’t believe how easy the real path to root was

I’ve managed to upload a valid XML file and find the file. I then tried to put in some PHP code to that file to gain a rev shell. I now understand from the forum that this is the incorrect method. Could anyone help point me in the right direction? Not a fan of XML though…

I’m confused about the go back in time stuff. Got user and found a different key but I can’t seem to make it work. PM please, I’m stuck hopelessly.