@Sidxzx said:
whoami: root, what should I do, search for root.txt?
Negative Ghostrider. You can search all you want, but this box is a little more complex than just getting a reverse shell. You’re going to have to do some more enumeration and a lot of research on the services and their vulnerabilities.
I wonder if my way of rooting it was the intended one. I tried to replicate a ‘famous hack’ demonstrated a while ago. But then I figured - why pass on something interesting that you already have - better deal with it yourself!
My advice is to enumerate the whole network carefully - you can use bash one-liners as an nmap replacement.
@kekra said:
I wonder if my way of rooting it was the intended one. I tried to replicate a ‘famous hack’ demonstrated a while ago. But then I figured - why pass on something interesting that you already have - better deal with it yourself!
I’d be interested to hear of this alternate method if you’d like to discuss.
I am also interested - it’s not really a totally different method, more like ‘half of the famous hack’ but ‘acting more actively’. Perhaps I’m wrong and it was the intended method…
I’m pretty stumped with this one. I got user, and was able to scan from that box; I think I understand the attack I need to pull off, but I can’t seem to get it to work. Anyone willing to just help me debug what I’m doing via PM?
EDIT: I managed to pop the root flag, although I’m not 100% sure the way I did it was how you were supposed to do it (though it was close). This box really needs to be rated higher than it is on difficulty, but I loved the attack.
After logging into the app successfully, I am now struggling with RCE. I believe I am in the right page. Appreciate some hints as I think Nikto gave a false positive of a vulnerability.
You don’t need Nikto to get a shell. If you believe it’s the right page, just try different techniques to inject the code. If still nothing works, then try the same but encode the payload this time.