Dev0ops hints

Rooted - great box, PM me for hints

fun box! all i can say is remember, keep it simple stupid

rooted, pm me for hints

@TheLegend said:

@drywaterv2 said:
This machine requires XML knowledge doesn’t it?

I don’t think so, I didn’t have any knowledge when I did the machine.

Google bro, it has answer to almost everything

Thought so myself, but wasn’t sure what scripts to use. Tried some but I don’t know how I can get around the internal server error. Sorry for the stupid remark

@drywaterv2 said:

@TheLegend said:

@drywaterv2 said:
This machine requires XML knowledge doesn’t it?

I don’t think so, I didn’t have any knowledge when I did the machine.

Google bro, it has answer to almost everything

Thought so myself, but wasn’t sure what scripts to use. Tried some but I don’t know how I can get around the internal server error. Sorry for the stupid remark

no question is ever stupid,

The moment you think “No one is that stupid, could it really be that easy, maybe they just forgot…” you are exactly where you need to be. Got root and now I need to try harder at not trying so hard…

Hi, I don’t know the way to insert some XML reverse or something like that, some hint pls.

@OroJackson said:
Hi, I don’t know the way to insert some XML reverse or something like that, some hint pls.

you’re on the right way. find the right “Injection” point if you already found the page, read it carefully…and remember, “good family is a father with three sons”.

@drywaterv2 said:

@TheLegend said:

@drywaterv2 said:
This machine requires XML knowledge doesn’t it?

I don’t think so, I didn’t have any knowledge when I did the machine.

Google bro, it has answer to almost everything

Thought so myself, but wasn’t sure what scripts to use. Tried some but I don’t know how I can get around the internal server error. Sorry for the stupid remark

no question is ever stupid,

RooOooted

pls i need help on priv esc

@otaman can you help me pls? Now I tried to upload a msfvenom payload.xml and after that used Burp Suite forward but with *.php.xml, but the page said INTERNAL SERVER ERROR.

Can someone PM me on the main website about the XML injection… Uploaded an xml script but I’m getting internal server error, tried curl but to no avail, I have no idea what to do

@drywaterv2 make sure the format is correct, try to upload an XML without malicious payload first. Also, read carefully.

Got user, can someone PM how I should’ve found the place to upload? Did some random guess work. Maybe should’ve ran my buster a bit longer?

@prutz said:
Got user, can someone PM how I should’ve found the place to upload? Did some random guess work. Maybe should’ve ran my buster a bit longer?

I ran dirbuster, gobuster and dirb, there are only 2 directories (f*** and u*****)

@drywaterv2 said:

@prutz said:
Got user, can someone PM how I should’ve found the place to upload? Did some random guess work. Maybe should’ve ran my buster a bit longer?

I ran dirbuster, gobuster and dirb, there are only 2 directories (f*** and u*****)

you are right

@prutz said:
@drywaterv2 make sure the format is correct, try to upload an XML without malicious payload first. Also, read carefully.

I have the same problem, I uploaded but the page doesn’t say if the file loaded successfully or not. How do you know that it is working?

Got root on the box. Thanks @lokori for the interesting challenge. Got stuck for quite a while on the initial entry into the system, but eventually figured it out :+1:

@OroJackson said:

@drywaterv2 said:

@prutz said:
Got user, can someone PM how I should’ve found the place to upload? Did some random guess work. Maybe should’ve ran my buster a bit longer?

I ran dirbuster, gobuster and dirb, there are only 2 directories (f*** and u*****)

you are right

@prutz said:
@drywaterv2 make sure the format is correct, try to upload an XML without malicious payload first. Also, read carefully.

I have the same problem, I uploaded but the page doesn’t say if the file loaded successfully or not. How do you know that it is working?

If you upload an XML it will always give the internal server error. You’ve got to look inside the page, but I haven’t found anything useful myself

@drywaterv2 said:

@OroJackson said:

@drywaterv2 said:

@prutz said:
Got user, can someone PM how I should’ve found the place to upload? Did some random guess work. Maybe should’ve ran my buster a bit longer?

I ran dirbuster, gobuster and dirb, there are only 2 directories (f*** and u*****)

you are right

@prutz said:
@drywaterv2 make sure the format is correct, try to upload an XML without malicious payload first. Also, read carefully.

I have the same problem, I uploaded but the page doesn’t say if the file loaded successfully or not. How do you know that it is working?

If you upload an XML it will always give the internal server error. You’ve got to look inside the page, but I haven’t found anything useful myself

You need to read. It was harder for me to interpret, but now with some help I have user, but I am stuck again.