Canape

Hello guys, I have tried everything I can. I have mirrored the git repo to my localhost and tried using a Python payload to connect to the db, but it's still not working. Really out of ideas; hints will be appreciated, thanks.

Whoo man, I am super stuck on the payload for this one. Still no luck :dizzy:

Hello. I got www-data shell, but stuck on priv esc. Can someone give some hint?

@1m0s said:
Hello. I got www-data shell, but stuck on priv esc. Can someone give some hint?

Did you see the db?

@1m0s said:
Hello. I got www-data shell, but stuck on priv esc. Can someone give some hint?

Got user flag.

@1m0s said:

@1m0s said:
Hello. I got www-data shell, but stuck on priv esc. Can someone give some hint?

Got user flag.

and root (even easier).

Hi,
Can anyone give a hint? Yesterday, I was able to get initial shell but right now I’m getting 400 error. I’ve reverted the machine but still no success.

Update: Finally got it.

@iVirus said:
For user,

  1. Need python knowledge and a bit of creativity to get Remote Command Execution (I think this is the hardest part)
  2. Use RCE to get minimal shell then use the command posted by xtech to get bash shell
  3. Research on a service running there and two very well known vulnerabilities in the version running, that will give you elevated access to the service
  4. With elevated access, check all data that you find and one of them will get you user

For root, check what you are allowed to do with elevated privilege and then find well known methods to use the operation to get privilege escalation

Finally got root today, thank you iVirus - this tip was very helpful. PM me if you need a nudge.

Is there any retired box similar to Canape?

I'm new. I find exploits, but the exploits go to a 5xxx port (couch) that is closed. I would attack it from http. Any hints or something to read by DM?

Can someone help me with this please … Send me a DM.

I’m having a ■■■■ of a time trying to clone a repo. Is there some kinda trick to this that is different from how I would normally do this?

@tt0t3s said:
I’m having a ■■■■ of a time trying to clone a repo. Is there some kinda trick to this that is different from how I would normally do this?

Use https://github.com/internetwache/GitTools/tree/master/Extractor

@protsenko said:

@tt0t3s said:
I’m having a ■■■■ of a time trying to clone a repo. Is there some kinda trick to this that is different from how I would normally do this?

Use https://github.com/internetwache/GitTools/tree/master/Extractor

You have to enumerate a little bit more.

@tt0t3s said:
I’m having a ■■■■ of a time trying to clone a repo. Is there some kinda trick to this that is different from how I would normally do this?

Nope. Have a look inside the directory. There is a file where you can get the exact URL to use to clone it.

Roooot, thanks all xD, PM if you need help :slight_smile:

Can someone expound on how to narrow down where to look for a vector for the initial foothold? Dirbuster gave a lot of output, so even just looking at the 200 response code is overwhelming, to say the least. Every directory that opens so far is bogus!!!

Just rooted. Really enjoy the journey!!

Is someone online right now to ask something? I think I'm super close to the first reverse shell but I'm stuck!!! I think I'm doing something wrong with the encoding.

Can someone PM me on the initial foothold? I have the u*****e working, recreated in my environment, and had the hash file path working, however I keep getting 500 errors??