Bounty

Can somebody PM me with some help on the parameters for RCE? I’ve got the right file extension and am uploading what I assume to be the right file but keep getting 500 errors.

got root !

PM if needed

also finally got root… pm if you need a nudge. this box was verrrrry touchy with the commands… things would just stop working if I missed a single quote, etc.

Spoiler Removed - Arrexel

I cannot even get a user on this. I already have wasted 5 days, and I have not get the user flag yet. Reading the posts from this topic, I understand that I have to find a secret page that will help me upload my payload. I tried with wfuzz and dirbuster all the wordlists regarding asp.net that I could find, but so far I could not get access. Any hint ?

I know where it goes but I’m not sure how to build it and then trigger it. I’ve read all these posts and I’ve tried different arch but I think I’m too n00b to understand. Anyone willing to PM about building and then triggering? I would appreciate it!

I have created payload and can successfully browse through the website, but where the ■■■■ is user.txt?

Hello,
Guys could you pls give me a hint.
I ran dirb, nikto and gobuster with different wordlists (common.txt, big.txt, something.medium.txt). Have found two directories to which I do not have access “Forbidden”. Would appreciate a hint.

I keep getting internal error 500 .Tried a lot of combinations nothing worked .Please help

The box seems so unstable, getting different responses all the time… Is this correct?

@WillIWas said:
The box seems so unstable, getting different responses all the time… Is this correct?

yea that box can seem unstable, at times and a bit temperamental . do you have any shell access etc?

@mizzion said:

@WillIWas said:
The box seems so unstable, getting different responses all the time… Is this correct?

yea that box can seem unstable, at times and a bit temperamental . do you have any shell access etc?

No, I just started, found som gui, but it disappeared and I can’t get it back

Messed up my dirb search aswell… annoying

@WillIWas said:
Messed up my dirb search aswell… annoying

if you read all the posts on this thread you will work out what scans to run for a successful recon phase which will lead to your foothold

@mizzion said:

@WillIWas said:
Messed up my dirb search aswell… annoying

if you read all the posts on this thread you will work out what scans to run for a successful recon phase which will lead to your foothold

Well, I’ll go read then, thx

@Razzty said:
I have created payload and can successfully browse through the website, but where the ■■■■ is user.txt?

You can’t see the air but…

@sodomak said:

@Razzty said:
I have created payload and can successfully browse through the website, but where the ■■■■ is user.txt?

You can’t see the air but…

Yeah, you’re right :slight_smile: Now I’m on priv esc, since I got user shell. Any hints?

Bounty is wildly unstable - same file that worked four hours ago, from the same computer, now throws a 404. Makes no sense.

Not even trying RCE - just trying to view text.