Dev0ops hints

thanks @f4d0 I got root yesterday

@hagi said:
thanks @f4d0 I got root yesterday

Great :smiley:

Took me a while to understand this going back to the past but learnt something new. Thanks everyone for the hints.

I need help with this Machine, i don’ t know how charger an XML payload.

forgot to post, this was a fun machine and was v educational, if you need help feel free to reach out :slight_smile:

@OroJackson said:
I need help with this Machine, i don’ t know how charger an XML payload.

You can read files with RCE, and found files that can help you to get shell.

I am able to ping back to my machine. But not able read the files on the sever. Any hints appreciated. Thanks.

@sesha569 said:
I am able to ping back to my machine. But not able read the files on the sever. Any hints appreciated. Thanks.

If you ping back to your machine you have RCE, why don’t you just set a reverse shell?
(I was not able to do RCE, I was just able to read info from the server.)

@f4d0 said:

@sesha569 said:
I am able to ping back to my machine. But not able read the files on the sever. Any hints appreciated. Thanks.

If you ping back to your machine you have RCE, why don’t you just set a reverse shell?
(I was not able to do RCE, I was just able to read info from the server.)

I tried for reverse shell. But it didn’t work.
I am trying to look for the services on the machine.

still trying to get the root, if u need help to get the user just PM me, i will give you some hint .

@sesha569 said:

@f4d0 said:

@sesha569 said:
I am able to ping back to my machine. But not able read the files on the sever. Any hints appreciated. Thanks.

If you ping back to your machine you have RCE, why don’t you just set a reverse shell?
(I was not able to do RCE, I was just able to read info from the server.)

I tried for reverse shell. But it didn’t work.
I am trying to look for the services on the machine.

Not the way I did, but if you have code execution, why don’t you download a reverse shell file in one step and in a second step execute it?

I can “upload” files with RCE and , i can also view files (already viewed user.txt flag) but i cant execute the file i tried like uploading it with http GET and piping it into bash but it doesn’t work! Anyone can give any hints for gaining shell ?

Ok, i’m hitting a wall here. Am totally outa ideas. I’m as user ra. I see g has logged in 127. Do I need to get g* login? I’ve check back in time nothing seems to help now i’m in. I’ve opened every compressed log i can find. and enum’d to death, If anyone could PM me. i’m so close… but so far away :). My first post ever here so delete if spoiler

Got root it thanks to Leonishan for the hints, I learned some interesting new stuff there, thanks for your help. Would have been chasing the wrong path for months! My head was in the wrong timewarp.

I am not sure what everyone is talking about with the “Time Travel” hint and look for services / packages that are installed on the system that let you “go back in time” like “backup” software… but i didn’t need any of that to get root. It’s pretty simple and not a lengthy process at all. Just look what you have as the user, and then apply it.

Any one can help with priv esc ?

Found the correct XML format but stuck with the payload. Any help would be much appreciated. Thanks

Nevermind got it. Now hunting for root :slight_smile:

Rooted finally! Special thanks to @wyliebsd and @elevennails :relieved:

I’m still at the beginning , found a page on a port. I’m trying to enumerate with dirbuster but gives me some errors, am I on the wrong track?