Bounty

Hello all:

I’m stuck at the first steps of this machine. Could someone please PM me? I will give more info on what I have tried on the PM. I just don’t want to provide spoilers here.

Kind regards.

Alright so I’ve been enumerating Bounty with various tools, various lists and also tried to enumerate files using the 2 extensions used by that web server type and technology, but all I have are 2 folders that cannot be accessed (403: Access Forbidden). Can anyone send me a PM so I can tell them what I tried so far, and let me know if I’m missing a certain tool or wordlist?

Edit: Alright, I finally found the page, had to wait for one of the tool to run till the very, very end I guess…

I know what to do next, however, my upload isn’t accessible for some reason, while my test one is. Can anyone PM me regarding this? I might just be misunderstanding something.

Edit 2: Alright, so my upload is accessible, but it vanishes really quickly… I doubt the box gets reset every 2-3 minutes.

Got root,pm me if you need help…

Rooted ! Was very hard for me, windows is complety out of my comfort zone…
For user: (Hate this) Enumerate again, google is you’r friend, check what you can upload :smiley: .
One advice for privesc, if u wanna do this via Met******t, check the architecture of what are you workin’ on :smiley:

Cheers !

had user 2 months ago before having other urgent things to focus on. Getting the initial foothold again was annoying until I remembered my notes. This thread contains plenty of info if you are stuck. Keeping a steady shell and getting to root was quite a bit easier with use of certain windows utils that are available by default.
Nice box.

Is there a trick to get a file upload to stick? I had a working upload earlier and got a stable shell, but now the same file isn’t working. Help!

Edit: Got root.txt. Still really confused as to why sometimes the upload sticks and other times not. Had better luck on free than vip.

None of my RCE seems to work, Im al little bit confuse too right now hahaha

Having some trouble figuring out how to format the upload. I’m aware of the extensions it allows, but is giving me cannot be displayed because it contains errors. Would be greatly appreciated if someone could PM and give me an idea on next steps.

Rooted. Box was unstable during the privesc.

Hello, I found the url where upload the payload in the correct format.
i can see the uploaded file but I can’t get the reverse shell to work… any hint?

it’s so unstable… but rooted at last. first ‘sucks’ rate i gave here

UPDATE: rooted… can’t imagine how many times I clicked the ‘Upload’ button

It’s normal some files present a http error 500? sometimes it change to 403. is this box stable?

got rce, cant find user.txt in the desktop/documents.
help?

Finally got this after over a week + and leaving and coming back a few times

hints… just keep at it… find the intial foot hold via searchign folders and files/pages that would run on this type of web server you find one of each …

then work on payload and seeing what files work… go small and simple and then make it complex… any errors will through 500 and ruin your day and frusterate the ■■■■ out of you… Also, keep in mind lots and lots of others are doing the same things as you…which will over write your files and ■■■■ you off… lol… this will screw you up… also use private/no cookie/cach mode on browser/tools…keep trying think about it and then do it later… don’t just keep hammering away wonder wtf is giong on and why your files are missing/going away.

after you get shell and rce the fun begins… think what type of system it is…the type of shell you have and then try and search for exploit for this system… the archecture plays a big part in this system x86 x64… think about it all and keep at it.
pm if you want.

Woohoo! Finally rooted! M********t got me over the hump. Take note of the previous hints.

For Privilege Escalation you can use 2 exploits. After rooting the Bounty i read the WriteUPs in Github and all of them use the same exploit but i found another one

Rooted!. Anyone could did it without M******r?

RCE not stable enough to for me to find anything i might just move on to another box tbh. I’ve been mashing that upload button for too long

Rooted as well, Wondering if there are other methods apart from the easy exploit