Dev0ops hints

This machine is great and priv esc was awesome, very realistic!

Spoiler Removed - Arrexel

No matter how I format the XML I get the 500 error. I’ve tried every which way (obviously not). I have all the elements mentioned on the page. A pm would be greatly appreciated.

EDIT: and right as I say that it works. ha, attention to detail my friends…

I am in that time machine file but dont know what to do next, please PM me

I got user.txt, I am able to read files but no listing or shell yet, I’ve found some files for a service, running on different port, but all I get is - “invalid format” error, although i verified them, and they proved to be valid. Is it intended that way, or maybe I am doing some mistake here?

@servetel10 said:
I am in that time machine file but dont know what to do next, please PM me

If you have a command you don’t know how to use, how do you learn?

If you have actually found the time machine, I guarantee you can even find a YouTube video of its name + 1 command to show you how to turn back the clock.

@NovNovikov said:
I got user.txt, I am able to read files but no listing or shell yet, I’ve found some files for a service, running on different port, but all I get is - “invalid format” error, although i verified them, and they proved to be valid. Is it intended that way, or maybe I am doing some mistake here?

Feel free to dm me with what you have. I’m not entirely sure what you’re asking, and since I already rooted this one you could be more specific there.

Got user, trying to get root. I think I have the idea but am missing something simple. Can I pm somebody to discuss it?

any hints for priv escalation?

@sesha569 My only advice is to read through the thread, and figure out how you could turn back time on a computer. Not too many options.

Yup @Andromalius I tried that. Will look for other options to perform that.

Got user. Learned a lot.

@HackingSnake said:
I’m still at the beginning , found a page on a port. I’m trying to enumerate with dirbuster but gives me some errors, am I on the wrong track?

For some reason dirbuster failed for me aswell. try dirb

hey i just found what i think i need to exploit, but i keep getting internal server error, can anyone pm me for some help on formatting of payload?

Can I PM someone about the way to get the user flag? I am very sure the kind of exploit I have to use in the Internal Server Error page. Since it does not output anything it has to be a blind injection, however as I am trying to refer to an external payload in my machine I can not seem to make it work. Help please!

Edit: Got it! nvm

Anyone able to give me a pointer on the XML I have it calling back on upload but I am stuck…

@lokori

Great box man. Frustrating at parts for a new guy, but I definitely learned a lot as well.

For everyone else:

Step 1:
Enumeration. From the comments, you can pretty much tell what you need to do. I would definitely suggest starting out getting a non-malicious file uploaded to ensure your basic formatting is correct. If it is, you will get a confirmation message, of sorts. You can get user.txt this way once you add a command to read files.

Step 2:
Once you can read files, try to think about how you can gain access. I know there’s at least two ways to complete almost every part of this machine, which is kind of cool, but can be confusing for people as well. I didn’t do any two-part commands or reverse shell or anything like that. Not saying it’s not possible, but there might be an easier way. Can you think of any files on a system that you could read that would help you gain remote access?

Step 3:
Once you have access, enumerate, as usual. Again, there are at least two ways to get root access that I know of. Check the forums here for hints about how to locate information on the system about what you’re looking for. There’s a certain command that will actually show you both ways if you look closely enough.

Definitely a fun box. Feel free to PM me with questions. I’m no expert, but I’ll try to help ease some frustration where I can. :slight_smile:

–Skunkfoot

Oh, im lost with this type of attack. I read here “upload something” but i cannot find an entry point. I try to send a xml to main page via curl, but POST method is not allowed, maybe it can be xx? injection? Is there some endpoint that is not / or /feed? Any hints?

What are the common methods for finding an “entry point” on a web server? If you need a nudge then PM me.

Oh, i got something :slight_smile: TY GreysMatter