Canape

So I’m in the same boat as several others when it comes to getting an initial foothold / rce using p****e. I have a working payload WITHOUT the name in the whitelist but I can’t seem to work it into the payload without breaking it. Any hints / pm would be greatly appreciated!

@0xJDow said:
So I’m in the same boat as several others when it comes to getting an initial foothold / rce using p****e. I have a working payload WITHOUT the name in the whitelist but I can’t seem to work it into the payload without breaking it. Any hints / pm would be greatly appreciated!

I know you feeling

Okay guys, I got a local address for couch but I can’t seem to connect to it with a payload, do I have to create an instance of that localhost on my machine?, am stuck here,any hints please

Hello guys, i have tried everything i can, i have mirrored the git repo to my localhost and tried using a python payload to connect to the db but still not working, really out of ideas, hints will be appreciated thanks

Whoo man, I am super stuck on the payload for this one. Still no luck :dizzy:

Hello. I got www-data shell, but stuck on priv esc. Can someone give some hint?

@1m0s said:
Hello. I got www-data shell, but stuck on priv esc. Can someone give some hint?

Did u see the db?

@1m0s said:
Hello. I got www-data shell, but stuck on priv esc. Can someone give some hint?

Got user flag.

@1m0s said:

@1m0s said:
Hello. I got www-data shell, but stuck on priv esc. Can someone give some hint?

Got user flag.

and root (even easier).

Hi,
Can anyone give a hint? Yesterday, I was able to get initial shell but right now I’m getting 400 error. I’ve reverted the machine but still no success.

Update: Finally got it.

@iVirus said:
For user,

  1. Need python knowledge and a bit of creativity to get Remote Command Execution (I think this is the hardest part)
  2. Use RCE to get minimal shell then use the command posted by xtech to get bash shell
  3. Research on a service running there and two very well known vulnerabilities in the version running, that will give you elevated access to the service
  4. With elevated access, check all data that you find and one of them will get you user

For root, check what you are allowed to do with elevated privilege and then find well known methods to use the operation to get privilege escalation

Finally got root today, thank you iVirus - this tip was very helpful. pm me if you need a nudge.

is there any retired box similar to canape?

im new. I find exploits, but exploits go to a 5xxx port (couch) that is closed. I would attack it from http. Any hints or something to read by dm?

Can someone help me with this please … Send me a DM .

I’m having a ■■■■ of a time trying to clone a repo. Is there some kinda trick to this that is different from how I would normally do this?

@tt0t3s said:
I’m having a ■■■■ of a time trying to clone a repo. Is there some kinda trick to this that is different from how I would normally do this?

Use https://github.com/internetwache/GitTools/tree/master/Extractor

@protsenko said:

@tt0t3s said:
I’m having a ■■■■ of a time trying to clone a repo. Is there some kinda trick to this that is different from how I would normally do this?

Use https://github.com/internetwache/GitTools/tree/master/Extractor

You have to enumerate a little bit more .

@tt0t3s said:
I’m having a ■■■■ of a time trying to clone a repo. Is there some kinda trick to this that is different from how I would normally do this?

nope. have a look inside the directory. there is a file where you can get the exactly url to use to clone it.

Roooot, thanks all xD, PM if you need help :slight_smile: "

Can someone expound on how to narrow down where to look for vector for initial foothold? Dirbuster gave a lot of output so even just looking at the 200 response code is overwhelming ? to say the least. Every directory opens so far is bogus!!!