Dev0ops hints

@HackingSnake said:
Can anyone give me a nudge via DM? I think I understand what kind of vulnerability I should be looking for, but I’m really stuck at the first page you discover.

Here comes the nudge (now I’m working on this box):

What is running as a server on that particular port/webpage? Which language is it written with? Can you find some well-known vulnerability for that particular language/service?

Have fun

Pwned. For those who are struggling, read the message on that initial webpage and follow suit. For priv esc, read some of the hints on this blog and just get back in time and look for a very bad mistake. No programming skills, no exploits, just a browser and some ASCII editor and basic Linux command shell will get you there.

This machine is great and priv esc was awesome, very realistic!

Spoiler Removed - Arrexel

No matter how I format the XML I get the 500 error. I’ve tried every which way (obviously not). I have all the elements mentioned on the page. A pm would be greatly appreciated.

EDIT: And right as I say that, it works. Ha, attention to detail, my friends…

I am in that time machine file but don’t know what to do next, please PM me.

I got user.txt, I am able to read files but no listing or shell yet. I’ve found some files for a service running on a different port, but all I get is an “invalid format” error, although I verified them and they proved to be valid. Is it intended that way, or maybe I am making some mistake here?

@servetel10 said:
I am in that time machine file but don’t know what to do next, please PM me.

If you have a command you don’t know how to use, how do you learn?

If you have actually found the time machine, I guarantee you can even find a YouTube video of its name + 1 command to show you how to turn back the clock.

@NovNovikov said:
I got user.txt, I am able to read files but no listing or shell yet. I’ve found some files for a service running on a different port, but all I get is an “invalid format” error, although I verified them and they proved to be valid. Is it intended that way, or maybe I am making some mistake here?

Feel free to dm me with what you have. I’m not entirely sure what you’re asking, and since I already rooted this one you could be more specific there.

Got user, trying to get root. I think I have the idea but am missing something simple. Can I pm somebody to discuss it?

Any hints for priv escalation?

@sesha569 My only advice is to read through the thread, and figure out how you could turn back time on a computer. Not too many options.

Yup @Andromalius I tried that. Will look for other options to perform that.

Got user. Learned a lot.

@HackingSnake said:
I’m still at the beginning, found a page on a port. I’m trying to enumerate with dirbuster but it gives me some errors, am I on the wrong track?

For some reason dirbuster failed for me as well. Try dirb.

Hey, I just found what I think I need to exploit, but I keep getting an internal server error. Can anyone PM me for some help on formatting of the payload?

Can I PM someone about the way to get the user flag? I am very sure of the kind of exploit I have to use in the Internal Server Error page. Since it does not output anything it has to be a blind injection; however, as I am trying to refer to an external payload in my machine I cannot seem to make it work. Help please!

Edit: Got it! nvm

Anyone able to give me a pointer on the XML? I have it calling back on upload but I am stuck…

@lokori

Great box man. Frustrating at parts for a new guy, but I definitely learned a lot as well.

For everyone else:

Step 1:
Enumeration. From the comments, you can pretty much tell what you need to do. I would definitely suggest starting out getting a non-malicious file uploaded to ensure your basic formatting is correct. If it is, you will get a confirmation message, of sorts. You can get user.txt this way once you add a command to read files.

Step 2:
Once you can read files, try to think about how you can gain access. I know there’s at least two ways to complete almost every part of this machine, which is kind of cool, but can be confusing for people as well. I didn’t do any two-part commands or reverse shell or anything like that. Not saying it’s not possible, but there might be an easier way. Can you think of any files on a system that you could read that would help you gain remote access?

Step 3:
Once you have access, enumerate, as usual. Again, there are at least two ways to get root access that I know of. Check the forums here for hints about how to locate information on the system about what you’re looking for. There’s a certain command that will actually show you both ways if you look closely enough.

Definitely a fun box. Feel free to PM me with questions. I’m no expert, but I’ll try to help ease some frustration where I can.

–Skunkfoot

Oh, I’m lost with this type of attack. I read here “upload something” but I cannot find an entry point. I tried to send an XML to the main page via curl, but the POST method is not allowed, maybe it can be xx? injection? Is there some endpoint that is not / or /feed? Any hints?