Dev0ops hints

But maybe feed.py file available on the internet and I need to look source code ?

@evilcall said:
But maybe feed.py file available on the internet and I need to look source code ?

No need for all that, try a different approach.

I have tried everything I know… Are there some parameter guess in get request ?

@9999volts said:
Oh, i got something :slight_smile: TY GreysMatter

Finally got it! Nice box, thank you for this one! Went down multiple wrong routes, but I learned a lot during all those ways. Enumeration still teaches a lot too a newbie like me. :slight_smile:

DAMIT

Can i have some PM for hint to get priv esc? Thx! (I got the r*a.)
Solved! “Back in time in DevOps mode”

Can anyone let me know if “internal server error” is indicative of a goosed box or just poor formatting of what im posting?

tried lots of formats and i see get requests come back to me, but never the info i ask for… :expressionless:

@Phrenesis2k said:

@HackingSnake said:
I’m still at the beginning , found a page on a port. I’m trying to enumerate with dirbuster but gives me some errors, am I on the wrong track?

For some reason dirbuster failed for me aswell. try dirb

Having problems with dirb, I get a “Calculating NOT_FOUND code…”

edit: any suggestion on which wordlist to use?

If someone need help for an initial foothold pm me

Stuck on the XML cant escalate it further… any hint…?

Amazing box @lokori ! Really enjoyed the the user, a bit too obvious for root but it was very fun. Great Box! :+1:

@sakyb said:
Stuck on the XML cant escalate it further… any hint…?

What files/folders can you read? What would be great to read from a user directory?

Hi all,

Is there anyone I could PM? I’ve got user.txt, I’ve got a shell access but am really struggling to get root.txt. I’ve trawled through logs, through code, through config files, etc.

Thanks

P0e

hey guys, can someone PM me? I got user flag, im having issues getting shell. I have r*a but its giving me invalid format error despite validating it and getting a thumbprint from it. Ive been at this for a few days now and its killin me

How to connect with uPnP/5000 port ,exploit?

@n3gz404 said:
hey guys, can someone PM me? I got user flag, im having issues getting shell. I have r*a but its giving me invalid format error despite validating it and getting a thumbprint from it. Ive been at this for a few days now and its killin me

Message me, I’ve got shell

I believe I’ve found the priv esc vector, however I can’t seem to execute commands. Would love to have a chat, figure out where I’m going wrong if someone is kind enough.

Cheers!

@jamesa said:
am unable to read file from server… what payload i can you in my xml …? help!

Well, it’s time to give up. I’ve got user.txt, can read some files and can see the past (basics), but I definitely don’t know how to use this information. Please, PM me a hint.
UPD: Got it by myself! :slight_smile: