Dev0ops hints

Hey guys, I managed to find an X** vuln that allows viewing some file. What can I do to get a shell?

@Daffyspider said:
Hey guys, I managed to find an X** vuln that allows viewing some file. What can I do to get a shell?

Every lock has a key, and finding one is better than breaking the lock :wink:

@akSnip said:

@Daffyspider said:
Hey guys, I managed to find an X** vuln that allows viewing some file. What can I do to get a shell?

Every lock has a key, and finding one is better than breaking the lock :wink:

■■■ found it, thank you!

Can someone give me a hint for priv esc? Going back in the past brings some ideas, but I’m not sure what I can do with it. Or can I send someone a message?

Priv esc the tip is “back in time”.
How can we see the past? How can we remember what was done?

@MarcosSGomes I believe I get what you are talking about, however I’m not too sure what I can do with it.

I was able to get some good files via upload, but I cannot proceed because I get the bad permissions error k **. Help, someone PM.

edit1 : logged with user xD

Got user without shell. Not sure where to go next. PM hint please

pm me hint on root

■■■!! Finally got root, after so many nights! Just gave a shot at what I thought it could be.
It was difficult but easy when you know it.

It’s all about reading. Learned a lot on this box.
Thanks for all the hints guys.

  • Not a developer

Anyone got a tip for me on the upload? I got the “three sons” but my XML still seems to be kinda invalid.

@jownz said:
Anyone got a tip for me on the upload? I got the “three sons” but my XML still seems to be kinda invalid.

Before trying with the 3 sons, have you tried to avoid errors with a classical file like those you can find here: XML Tutorial?

@14NC3107 said:

@jownz said:
Anyone got a tip for me on the upload? I got the “three sons” but my XML still seems to be kinda invalid.

Before trying with the 3 sons, have you tried to avoid errors with a classical file like those you can find here: XML Tutorial?

NVM – found my mistake – you should actually beware of case sensitivity!

Getting user.txt was a journey… now after exhausting everything I can think of for privesc, I’ve hit a wall… can anyone DM me some direction?

UPDATE: got it… can’t believe it was sitting there the whole time LOL

I really need some help. Been stuck for a while. I’m a noob and stuck looking in the past, but what am I looking for?? (Privesc)

Same, can someone please point me in the right direction? (priv esc)
Non-developer here.

(disregard, I just GOT IT!)

I have user.txt and can read files, but can’t seem to format my upload to do any sort of remote code execution. OWASP reading helped but their example code isn’t working for me. Can anyone PM me a nudge in the right direction? Without being able to list folder contents it’s hard to know what to look for.

Something to do with f****.**?

UPDATE: Never mind, rooted :slight_smile:

Hey all, need help with priv esc. Can anyone DM me?

UPD: No need. Got root

Hello! I’ve found user.txt, logged in with r****, I’ve been able to switch to g**, had a look back in time, I tried to deal with r** k** but I didn’t find a way to priv esc… What am I missing/doing wrong? Thank you in advance.