Dev0ops hints

@SimVirus said:
Hello!
I’ve the user.txt… Is a reverse shell needed to get root?
Regards

If you can read files on a server, what files would be really useful to gain initial foothold?

From there it’s straightforward, lots of people have given some really good hints. Just don’t overthink it.

Can someone PM me a hint for priv esc? Not sure how to proceed…

If you can read files on a server, what files would be really useful to gain initial foothold?

Done! thank you! Now I’m starting with Priv Esc :slight_smile:

Any hint for the 500 internal server error? I can’t upload the file.

Any hint for xml format? I’m stuck. What do I need to see if my xml works? On the inspect element section or where? I’m really a noob

@ErUnix said:
Any hint for xml format? I’m stuck. What do I need to see if my xml works? On the inspect element section or where? I’m really a noob

Validate XML - Online XML Tools … this will help in knowing if your xml format is correct and let you make changes and check

@cslatt05 said:

@ErUnix said:
Any hint for xml format? I’m stuck. What do I need to see if my xml works? On the inspect element section or where? I’m really a noob

Validate XML - Online XML Tools … this will help in knowing if your xml format is correct and let you make changes and check

This is perfect to test my xml but when I upload the file, how do I know if the server gives me anything?

@dragonitesec said:

@OroJackson said:
Hi, i don’t the way to insert some xml reverse or something like that, some hint pls.

You’re on the right way. Find the right “Injection” point if you already found the page, read it carefully… and remember, “good family is a father with three sons”.

Couldn’t have got a better hint “good family is a father with three sons”… :wink:

@ErUnix said:

@cslatt05 said:

@ErUnix said:
Any hint for xml format? I’m stuck. What do I need to see if my xml works? On the inspect element section or where? I’m really a noob

Validate XML - Online XML Tools … this will help in knowing if your xml format is correct and let you make changes and check

This is perfect to test my xml but when I upload the file, how do I know if the server gives me anything?

If you uploaded a correct item you will see output, try that first before moving on as a suggestion.

Hi, is anyone here willing to help me out with a hint about the privesc? I have everything I need, I think, like the kingdom key, but I’m not able to figure out which lock should be picked with it. Cheers.

Never mind - rooted it. Amazing box. Very similar to a real-life scenario. Thanks hips to the makers. Please bring more similar ones to the table.

I’ve got a code 200 with my xml and now I can see the users inside //p**, this is the end of my story :frowning:

Please any hint, I’m dying lol

@skarfaze said:
I’ve got a code 200 with my xml and now I can see the users inside //p**, this is the end of my story :frowning:

Please any hint, I’m dying lol

You need to find something that is as good as a password

@poe said:

@skarfaze said:
I’ve got a code 200 with my xml and now I can see the users inside //p**, this is the end of my story :frowning:

Please any hint, I’m dying lol

You need to find something that is as good as a password

Me too @poe, but I am looking for something.

@cyb3rb0t said:

@dragonitesec said:

@OroJackson said:
Hi, i don’t the way to insert some xml reverse or something like that, some hint pls.

You’re on the right way. Find the right “Injection” point if you already found the page, read it carefully… and remember, “good family is a father with three sons”.

Couldn’t have got a better hint “good family is a father with three sons”… :wink:

I felt like Batman vs Riddler when I was thinking on this. But a better hint is “Before uploading some file, read everything and identify the three sons.”

Got user… doing a lot of log/config digging now… any nudges towards root would be appreciated (via PM)

I have already enumerated, and I have been able to mount an xml file without error in a validator site, but the 500 error persists. I tried to upload the file by another method, not by a certain page, cu ** -d, but it was not successful. I am tired and without a north. I do not understand html & xml programming very well, but I understood the reference to the 3 children… Can someone PM a hint?

I was able to read the user’s flag without a shell on the machine but want to get a shell in order to esc priv, please PM me for hints.

Nice box, especially the User, given the different ways to exploit: the New**** rce and the file read through x**

For the new**** method, it’s something to send in a very common encoding format.
“Morty, I have turned myself into a ****** … ****** RickK!!!”

Need a hint for root flag, got shell. PM please :confused:

Nvm rooted :slight_smile: