Canape

This box has been endless frustration… Able to get payload up locally but get posix error unless running dos2unix on the file, then it works using the check() function copied into a file check.py but every time I try with /check in browser I get bad request 400… I feel like I’m close but feel like a dog chasing his tail

Could do with help to get a foothold on the box. Any help will be appreciated.

If someone could drop me a DM please take a look at my script to “check” input, I’d really appreciate it! My very similar script to submit is working great, no more pickle errors etc when I run it with code pulled from app used to check

Check all versions of the code you were reviewing. Make sure they tell the same story :wink:

■■■■, it took me 1 hour to get the first shell, 3 days to find a checkbox in a f***ing web interface and 5 min to get root… shame on me :'D

Anyone want to shoot me a hint on how to send my initial foothold payload? Or point me to an informative reading?

This may help solve the “500 error” on the payload: “compile arbitrary python source code into pickle format. will execute on unpickling” (GitHub)

@KuroSaru said:
Check all versions of the code you were reviewing. Make sure they tell the same story :wink:

This fixed my issues locally, now to tweak for HTB… It pays to read things more carefully when comparing versions!

Anyone who can help me with my payload, please DM and I’ll show you where I am having problems.

Would really love a PM regarding how to get a user shell. I have discovered a vulnerable service running on the box, but the exploit script I found does not work. It tells me that the commands have been executed, but I’m pretty sure they have not been.

Thanks!

@mxchai said:
Would really love a PM regarding how to get a user shell. I have discovered a vulnerable service running on the box, but the exploit script I found does not work. It tells me that the commands have been executed, but I’m pretty sure they have not been.

Thanks!

PM me if you need help.

Could someone give a hint about how to bypass the character when making a shellcode? I’m sure the shellcode works fine locally without the character.

@Erbooo treat them as one. You can’t just bypass it.

Got to say good box, user was the hardest, and I liked IT. Root was not hard, but I truly like the way it was done. Great job @overcast.

I can get a reverse shell locally. But with the same payload I am getting a 500 error on the canape server. Can someone give me a hint?

Trying to get user, and one way I’m trying is using the DB. Yes, I have got the DB permission, and I’m trying to use some exp scripts to get the user permission. However, I’m stuck at this process. I just want to know, am I right? Took me a week …

@hahcaptain said:
Trying to get user, and one way I’m trying is using the DB. Yes, I have got the DB permission, and I’m trying to use some exp scripts to get the user permission. However, I’m stuck at this process. I just want to know, am I right? Took me a week …

If you have got the DB permission, I think you should utilize ALL DATA from DB.

Can anybody PM for the first step?

@rocux said:
@Erbooo treat them as one. You can’t just bypass it.

Finally found one that works fine. Thanks~

@raouf09 said:
Can anybody PM for the first step?

PM me, we can do it together.