Dev0ops hints

Amazing box @lokori ! Really enjoyed the the user, a bit too obvious for root but it was very fun. Great Box! :+1:

@sakyb said:
Stuck on the XML cant escalate it further… any hint…?

What files/folders can you read? What would be great to read from a user directory?

Hi all,

Is there anyone I could PM? I’ve got user.txt, I’ve got a shell access but am really struggling to get root.txt. I’ve trawled through logs, through code, through config files, etc.

Thanks

P0e

hey guys, can someone PM me? I got user flag, im having issues getting shell. I have r*a but its giving me invalid format error despite validating it and getting a thumbprint from it. Ive been at this for a few days now and its killin me

How to connect with uPnP/5000 port ,exploit?

@n3gz404 said:
hey guys, can someone PM me? I got user flag, im having issues getting shell. I have r*a but its giving me invalid format error despite validating it and getting a thumbprint from it. Ive been at this for a few days now and its killin me

Message me, I’ve got shell

I believe I’ve found the priv esc vector, however I can’t seem to execute commands. Would love to have a chat, figure out where I’m going wrong if someone is kind enough.

Cheers!

@jamesa said:
am unable to read file from server… what payload i can you in my xml …? help!

Well, it’s time to give up. I’ve got user.txt, can read some files and can see the past (basics), but I definitely don’t know how to use this information. Please, PM me a hint.
UPD: Got it by myself! :slight_smile:

I really enjoyed this one, very “addictive” machine indeed.

Thanks to @lokori !

Rooted - great box, PM me for hints

fun box! all i can say is remember, keep it simple stupid

rooted, pm me for hints

@TheLegend said:

@drywaterv2 said:
This machine requires XML knowledge doesn’t it?

I dont think so, I didn’t had any knowledge when i did the machine.

Google bro, it has answer to almost everything

Thought so myself, but wasn’t sure what scripts to use. Tried some but I don’t know how I can get around the internal server error. Sorry for the stupid remark

@drywaterv2 said:

@TheLegend said:

@drywaterv2 said:
This machine requires XML knowledge doesn’t it?

I dont think so, I didn’t had any knowledge when i did the machine.

Google bro, it has answer to almost everything

Thought so myself, but wasn’t sure what scripts to use. Tried some but I don’t know how I can get around the internal server error. Sorry for the stupid remark

no question is ever stupid,

The moment you think “No one is that stupid, could it really be that easy, maybe they just forgot…” you are exactly where you need to be. Got root and now I need to try harder at not trying so hard…

Hi, i don’t the way to insert some xml reverse or something like that, some hint pls.

@OroJackson said:
Hi, i don’t the way to insert some xml reverse or something like that, some hint pls.

you’re on the right way. find the right “Injection” point if you already found the page, read it carefully…and remember, “good family is a father with three sons”.

@drywaterv2 said:

@TheLegend said:

@drywaterv2 said:
This machine requires XML knowledge doesn’t it?

I dont think so, I didn’t had any knowledge when i did the machine.

Google bro, it has answer to almost everything

Thought so myself, but wasn’t sure what scripts to use. Tried some but I don’t know how I can get around the internal server error. Sorry for the stupid remark

no question is ever stupid,

RooOooted