Bounty

Having the hardest time getting started on this box - anyone around to discuss what I’ve done so far? I can’t seem to get an initial foothold.

@rieux said:
Having the hardest time getting started on this box - anyone around to discuss what I’ve done so far? I can’t seem to get an initial foothold.

Did you try dirb wordlists with some extension?

Hi bros, I am stuck on Priv Esc. Please PM for a nudge on the right CVE…
Thanks

I’m completely stuck, can anyone give me a hint to start?

Stuck on “Invalid File Type” for a couple of days :)
Uploaded:
Can’t find where it has gone! Any hint to find it? Anyone

Tough, weird machine - took me hours and some great tips from @KKB and @LonerVamp to get user, then 5 minutes to get root via two different exploits. Happy to pay it forward - find me on netsecfocus (same username) if you need a nudge.

@nope said:

@rieux said:
Having the hardest time getting started on this box - anyone around to discuss what I’ve done so far? I can’t seem to get an initial foothold.

Did you try dirb wordlists with some extension?

Ended up figuring it out - thanks for the response

Can somebody ping me? I’m sort of stuck with the privesc.

Hi all,

Feel stupid on this one. Still got error 403 when I try to go to the directories that web scanners have found… And Google does not really seem to be my friend for this machine…

If someone could give me a little hint it would be great… Thanks!

Struggling to get the right file to upload, tested loads of file types all resulting in Runtime errors.
A nudge would be great!

Can I ask a question about priv esc? I’m using the right exploit but it doesn’t work.

@ghroot said:
Can I ask a question about priv esc? I’m using the right exploit but it doesn’t work.

Make sure you are using the right shell architecture. I had problems with an x86 shell running exploits on an x64 system. If that is your case, migrate it to an x64 shell.

I had quite a lot of issues with RCE, but rooting was easy. (:

Edit: Figured it out. A simple Google search with the right terms related to what you’re trying to do (server type, the action you’re performing on the “t” page, etc) will get you started with RCE. Then it’s just a matter of keeping it very, very simple and using tools available on the host.

Big thanks to @wilsonnkwan - I picked up user but my privesc-fu is too weak. I’m going to invest in the HTB membership and work my way through the retirees to gain some experience (while checking out @ippsec when stuck). Thanks all - great forums!

Any hints on which of the retired boxes have similar steps in it that might help with Bounty? PM if you’re open to sharing that info.

I’ve got the RCE but I can’t even cd out of the directory I’m in. Seems like only basic commands work. I’m trying to download stuff from my machine that will allow me to do other stuff but the RCE is really limited. I’ve been at this for a week and it’s driving me crazy! Please DM with a hint.

@opt1kz said:
Edit: Figured it out. A simple Google search with the right terms related to what you’re trying to do (server type, the action you’re performing on the “t” page, etc) will get you started with RCE. Then it’s just a matter of keeping it very, very simple and using tools available on the host.

Any of you guys got a decent extension fuzzing list that you are willing to share… mine is pretty poor.

Edit: Never mind. Rooted.