SecNotes

Thanks @seepckoa I’ll run with that and see how it goes

@mxchai said:
Thanks @seepckoa I’ll run with that and see how it goes

If you still do not arrive, contact me! :slight_smile:

I am somehow stuck… I have some initial creds, I have read some things, I have pulled some files, but it’s unclear how to proceed to get shell/filesystem access from here. Found something that could give RCE, but not sure where to actually find it.

I’ll probably figure it out after taking a fresh look later…

@Seepckoa said:

@mxchai said:
Would be nice if someone could PM me about the initial foothold. I have no idea what to do except testing the web app, of which I found only XSS.

Thanks!

You need to do a little enumeration at the login level, we could inject what in a login page ?

i pretty much get what i need to do but the usernames taken * all of it *

Need to wait for my turn i guess ! :anguished:

Finally, got root ! I learned a lot.
Many regards to @Pratik

edit: For initial foothold, you need to find some credentials on obvious service. OWASP Top 10 will guide you. Don’t overthink it.

rooted. didnt expect root to be that easy. was over complicating it.

@r518 said:
I think I’m overlooking this one a lot. I’ve tried a fair few things, could someone point me in the right direction for the foothold in PM?

Edit * found it.

Edit 2: For everyone PM’ing…

Have a look at ippsecs videos this was done on a previous box. It seems like its a bit of a Nightmare of a box trying to get information out of this…

Which box was that?

@jamesa said:

@r518 said:
I think I’m overlooking this one a lot. I’ve tried a fair few things, could someone point me in the right direction for the foothold in PM?

Edit * found it.

Edit 2: For everyone PM’ing…

Have a look at ippsecs videos this was done on a previous box. It seems like its a bit of a Nightmare of a box trying to get information out of this…

Which box was that?

I didn’t do it, but I heard it was a Nightmare.

Edit : Never mind got it

Cool box! Respect @0xdf

Easy one! :wink: My hints are : don’t overthink and don’t try to bruteforce anything … basic enumeration is the key to this machine!

All the spoilers are on this thread

I’ve got creds, and I can save stuff to the server. But I can’t get RCE or a shell with any of the methods I’ve already tried. Can anyone PM with a nudge in the proper direction?

@DataPush3r I am in the same boat as you. I got creds but cannot seem to do anything else from there.

Hi Guys i can upload shell to server. But i cant find on site. Is it false way ? Please PM for hint.

@MaTRiX13 Its there, but I can’t get it to execute. So that makes at least 3 of us in the same boat. Anyone with a tip?

ok so can I help? well maybe…
for initial shell keep going old school on , everything you need is there. think old school, what can you access, what can you do?
fot priv esc: well search the WHOLE system for interesting exes relating to weird thing you should notice!! then what you did before will help you in the future!!

@DataPush3r I got it now what a dummy I am.

For all people having problems to get a shell … back to basics and try a simple shell, this OS version usually have an AV running …

I’ve got to admit that was a fun path to system. Totally unexpected. I rushed things at the beginning and had a total face palm. But overall it was a really fun box!
Thanks 0xdf

I’m still working on the initial foothold, but I seem to be running into an issue where I get the response “Something went wrong”. I’ve figured out that it’s related to the length of my input. Is there a way around this or do I just have to figure out how to work with it?

Edit: Never mind. I was trying to go much farther into the DB than was necessary.