Got user and shell, stuck on privesc. Looked back, changed some source, grabbed debug console, dropped rev shell - no luck escalating. Anyone want to drop a pointer in PM would be appreciated.
Just rooted! Quite fun… For those who are trying to root, check what packages/services are installed on that system which allows to ‘travel’ in time. Think about it maybe like kind of backup or similar solution. Find it, and then find what you can take from there.
I just didn’t understand how it got there - is it a real life scenario or it is applicable only on particular/rare cases?
Thanks to @lokori for creating such a good box
HI everyone, i enumerate then found the entry point and exploit it to read arbitrary files on the system. However even if i found hat a python package used is vulnerable (related to rick and morty) i definetively stuck with internal error when i try to get a reverse shell. Someone could help me ?
Back from holidays!! Priv escalation was pending, and now… I got it. Before the holidays I was stuck, but after sun and beach it seems my view has become clear again. At this time I saw how to get root at first glance
Nice box @lokori , thank you
def allowed_file(filename):
return ‘.’ in filename and
filename.rsplit(‘.’, 1)[1].lower() in ALLOWED_EXTENSIONS
But every single file i try i get Internal Server Error
So you know the vulnerability type, and maybe you know the file structure to provide.
Why don’t you try to follow the file structure rule?
Maybe then you can search in OWASP this kind of vulnerability and use it with the needed structure.