Stratosphere

Finished root on this one, finally. Learned a ton. The rabbit holes actually taught me a lot. Can’t be mad at that. Hopefully I won’t give any spoilers below, but I believe this is all just re-stating what is listed previously in the thread. (edit- ) Oh and feel free to PM me.

For those stuck on RCE - do not waste too much energy trying to go way up or down the directory structure. There’s good stuff close by.
Mind your syntax, very very closely. Don’t just try to run stuff directly from a cheat sheet. Consider alternate ways of achieving the same desired result.

For priv esc - I recommend taking the time to solve all the challenges. Maybe it is not required? But it’s not too taxing and will be very very helpful on other machines. After that, consider perms, privs on what you have access to already. How can you use this? Use your power in the right place, mind your syntax. Watch your paths.

I’m searching about the RCE, but it’s not working for me, or am I going the wrong way?
I’m using PUT file …
I need some help :d

Would like to thank @itsnemesis for helping out. I appreciate his help and his patience; I was getting the syntax wrong, which took me hours before he helped out. I’m guessing he might have been mad at me at some point for being such a dummy. Thanks @itsnemesis, I probably might not have solved it earlier without your help.

And to those that have lots of details, make sure to check your syntax well, that shii really slowed me down. Also don’t forget most people reuse login details elsewhere, and to get root access try looking at each file you find on the server closely, you might see something interesting.

No doubt there are lots of rabbit holes in this machine, focus on the services running on the machine

@itsnemesis said:
Finished root on this one, finally. Learned a ton. The rabbit holes actually taught me a lot. Can’t be mad at that. Hopefully I won’t give any spoilers below, but I believe this is all just re-stating what is listed previously in the thread. (edit- ) Oh and feel free to PM me.

For those stuck on RCE - do not waste too much energy trying to go way up or down the directory structure. There’s good stuff close by.
Mind your syntax, very very closely. Don’t just try to run stuff directly from a cheat sheet. Consider alternate ways of achieving the same desired result.

For priv esc - I recommend taking the time to solve all the challenges. Maybe it is not required? But it’s not too taxing and will be very very helpful on other machines. After that, consider perms, privs on what you have access to already. How can you use this? Use your power in the right place, mind your syntax. Watch your paths.

I solved the challenges but didn’t work :d

No problem @Afolic ! Haha never mad with you, you did great! Syntax was a pain on this one.

@sckull That’s quick progress. If you solved the challenges, that’s great cracking practice, but consider what you might be able to do if those challenges don’t lead anywhere. I can PM a little more detailed hint, but don’t want to ruin for others.

@sckull said:

@itsnemesis said:
Finished root on this one, finally. Learned a ton. The rabbit holes actually taught me a lot. Can’t be mad at that. Hopefully I won’t give any spoilers below, but I believe this is all just re-stating what is listed previously in the thread. (edit- ) Oh and feel free to PM me.

For those stuck on RCE - do not waste too much energy trying to go way up or down the directory structure. There’s good stuff close by.
Mind your syntax, very very closely. Don’t just try to run stuff directly from a cheat sheet. Consider alternate ways of achieving the same desired result.

For priv esc - I recommend taking the time to solve all the challenges. Maybe it is not required? But it’s not too taxing and will be very very helpful on other machines. After that, consider perms, privs on what you have access to already. How can you use this? Use your power in the right place, mind your syntax. Watch your paths.

I solved the challenges but didn’t work :d

Same here, it is really bad that in spite of solving the 4th question you get a permission denied error. Now back to priv escalation.

@pcolomes said:

@trounce1 said:
Can someone help me? I have access to the tomcat-users.xml file but can’t log in.

Beware of the rabbits and their holes…

I’m very confused, I’ve spent another 5 hours on this machine and got nowhere.

Please help me, someone. PM or on here.

helllooo! I just rooted! Yay root dance. PM me if you have any questions… was fun… my tip for root is you don’t have to look very far :)

finally got root.

so satisfying

classic root tactic

the biggest hint for everyone is you never need to change directory to get user or root

I got root… I’m a noob… this was hard for me!.. now let’s do it all over again on another box…

Stuck on trying to do priv esc. If someone can give me a hint. I have tried the various services but keep getting root is required.

stuck on doing RCE…i have been finding, for 4 days, somehow to get access to the machine…so far downloaded a file and found the login page…and nothing else so far…please help me somebody…

This turned out to be a fun box with playing with the RCE and also the way you Priv Esc was something I could see someone IRL doing…

Hints:

RCE → Burp is your friend and the rest you need has really been posted here a lot, especially early on.

Priv Esc → See what you have where you are and you won’t need to go far. Google is your friend (again, I think others posted this in the forum as well :) )

Need a slight nudge on this - got RCE - able to look around, got the 3 x credentials.

Looked at all services running, aware of a user beginning with R.

Without giving too much away - presumably we would be looking at a “sequel” to this box to get access.

Presuming I’m on the right path, it has to be either the syntax I’m using or there is a different script for RCE, as what I’m using doesn’t seem to like the commands I’m issuing to connect to the service.

Hi all! Need some help with this box: I am able to run RCE, got the needed credentials for the specific service that allows access to it, got the right syntax to execute the commands, but I cannot find anything useful once I get logged in to that specific service. I mean, there are 2 things inside the service, but only one of them allows listing. The other one seems empty. Was it supposed to be like that?

EDIT: found a way to do the RCE, found 3 pairs of credentials, now stuck again. Any hints?
I guess I have to login into an exposed service, but all the credentials I’ve found don’t work

rooted finally, very satisfying.

Need help. Enumerated, found a possible exploit for RCE but can’t get it to work. Anyone have any hints?