Canape

If anyone could PM me for a nudge on where to go from www-data that would be amazing.

Rooted. Had the most fun on this box so far, and learned a few new things too :slight_smile:

Anyone available for a PM? Been working on this for a few days now, got it running locally and see what’s going on and able to execute the vulnerability using a script that mirrors check but unable to invoke via app…

Finally! User took 8 days, Homer took 2 days, and root took 15 minutes…

This box 100% does not match the difficulty level IMHO…

Nonetheless great fun - If anyone needs help drop me a PM.

Anybody getting a urllib3 error while trying to escalate to root? Is there a way around it?

This box has been endless frustration… Able to get payload up locally but get posix error unless running dos2unix on the file, then it works using the check() function copied into a file check.py but every time I try with /check in browser I get bad request 400… I feel like I’m close but feel like a dog chasing his tail

Could do with help to get a foothold on the box. Any help will be appreciated.

If someone could drop me a DM please take a look at my script to “check” input, I’d really appreciate it! My very similar script to submit is working great, no more pickle errors etc when I run it with code pulled from app used to check

Check all versions of the code you were reviewing. Make sure they tell the same story :wink:

■■■■, it took me 1 hour to get the first shell, 3 days to find a checkbox in a f***ing web interface and 5 min to get root… shame on me :'D

Anyone want to shoot me a hint on how to send my initial foothold payload? Or point me to an informative reading?

This may help solve “500 error” on the payload: “compile arbitrary python source code into pickle format. will execute on unpickling” · GitHub

@KuroSaru said:
Check all versions of the code you were reviewing. Make sure they tell the same story :wink:

This fixed my issues locally now to tweak for htb… It pays to read things more carefully when comparing versions!

Anyone who can help me with my payload, please DM and I’ll show you where I am having problems

Would really love a PM regarding how to get a user shell. I have discovered a vulnerable service running on the box, but the exploit script I found does not work. It tells me that the commands have been executed, but I’m pretty sure they have not been.

Thanks!

@mxchai said:
Would really love a PM regarding how to get a user shell. I have discovered a vulnerable service running on the box, but the exploit script I found does not work. It tells me that the commands have been executed, but I’m pretty sure they have not been.

Thanks!

pm me if u need help

Could someone give a hint about how to bypass the character when making a shellcode? I’m sure the shellcode works fine locally without the character

@Erbooo treat them as one. You can’t just bypass it.

Got to say good box, user was the hardest, and I liked IT. Root was not hard, but I truly like the way it was done. Great job @overcast.

I can get a reverse shell locally. But with the same payload I am getting a 500 error on the canape server. Can someone give me a hint??