Bounty

@jbakes1740 said:
Can someone pm me on the initial foothold? Running into problems finding what I need to w/ certain extensions

Have you tried dir search? And noticed what dirs? Can you guess what will be the framework running on the server? What file extension will be running on the framework? Have you tried to search the file extension?

Can anyone help with the PrivEsc?

Edit: Rooted! Struggled getting reverse shell from the webshell but once I figured that out, rooted within 30 minutes

Hi,

I can upload, and I know where the files are going to, but I can't get code to get executed. Can someone give me a hint? Thanks.

I am not finding a way to bypass file upload restrictions. Can someone give me a hint?

Got some help with the upload and managed to get RCE, but how can I get an interactive shell? Any hints? Thanks!!

Took me a while, but I pwned Bounty. I was almost there all the time, but after many, many hours it clicked. Thanks to those who helped me and to the creator of the machine. Learned a ton!

Hi guys, I’m a real noob and I don’t know how to start this machine. I found an interesting directory, but I only know this machine works with IIS 7.5. I also tried with Burp Suite but had no luck. Somebody please help, or send me a PM.

Would someone please send me a PM? I’m stuck in a rabbit hole and need a little help with RCE.

Does anybody have a hint for me about how to find the directory where the uploaded files are being stored?
Thanks

Gobuster and dirbuster are useful enumeration tools

That’s what I already did (with and without file extension parameters). But I haven’t found anything apart from the aspnet_client folder, which I am not allowed to access.
Btw, I also tried different wordlists (common.txt, big.txt), but nothing seems to work…

@joesch said:
That’s what I already did (with and without file extension parameters). But I haven’t found anything apart from the aspnet_client folder, which I am not allowed to access.
Btw, I also tried different wordlists (common.txt, big.txt), but nothing seems to work…

Aaah, finally found the directory.

This machine is terribly unstable

I’m not having any luck with getting RCE to work. Could anyone give me any tips? I believe I’m bypassing the extension correctly.

Thanks!

Actually, I think I’ve found out what to do for RCE.

Rooted, good box! :)

Hi all,

Can I PM anyone to bounce some ideas off on how to gain an initial foothold? I enumerated 2 directories and am trying to figure out how to leverage what’s there…

Thanks

Rooted. User is tougher than root.

I am new here and decided to start with the Bounty machine… But I need help with where to start… Can anyone help me out…