Stratosphere

Can someone help me? I have access to the tomcat-users.xml file but can't log in.

@trounce1 said:
Can someone help me? I have access to the tomcat-users.xml file but can't log in.

Beware of the rabbits and their holes…

Hello everybody!
I got an RCE but I can’t find the first flag (“user.txt”). Any tips?

@Kalki maybe your RCE is with something running without privileges to that user file

I don’t find the file. It must be in /home/“user”?

I could use a nudge. I have several creds from enumerating and know who the user is, not the password yet though. I have been trying to use the creds against the running service, but through RCE I get access denied and timeouts from trying to run it on my machine. An article or anything would be great.

Rooted if you need help PM me.

Got user, it was one ■■■■ of an effort to get user, but satisfying.
Now on to the puzzle, I got first 3 questions decoded, not able to get the 4th one decoded, any help is appreciated.

I solved the 4th, but it’s useless.

Rooted. If anyone needs a nudge pm me.

Good day guys, I got RCE and I can see a bunch of files and directories, even got the manager directory username and password, but the details ain’t working when you try logging in. Any hint on what to look out for? I have searched everywhere in the server but nothing useful.

I could use a nudge as well. In same spot as above post

I am completely stuck at this point. Running endless commands with my RCE without being able to get user.txt or progress to user or root logged in access. I have read tons of files on the machine. Not sure what I am missing. I found creds for web app but cannot login to it for whatever reason. Considered ssh, but no luck. Help?

PM me if anyone needs a nudge. Root was a bit trickier than people make it seem

@itsnemesis we're in the same shoes

Ok, I have a total of 3 creds at this point, but so far cannot find a way to use any. Creds for web app do not seem to work and creds for db seem to work, but with my limited environment, cannot connect? I get timeouts.

If someone wants to give me a nudge, I have been able to authenticate to a service with one of the creds I found, but I still do not have user.txt. Please PM if you wouldn’t mind helping out.

Any nudge on how to authenticate to a service?

Using RCE, with a correct authentication request it was not responding; on an incorrect one it responds with an error.

Ok, I’ve got user, attempting to priv esc. Found file with perms and trying to use a trick to get success… but not sure how to redirect call to get there. I thought I had it, but still got access denied. Could someone PM me for final step to root?

Okay guys, finally conquered user. Any hint on priv esc?