Dev0ops hints

Anyone able to give me a hand? I’m at Internal Server Error problem, I believe it’s my XML file format.

@binjnkie said:
Anyone able to give me a hand? I’m at Internal Server Error problem, I believe it’s my XML file format.

The most useful comment I had here is that XML elements are case sensitive, at least for Unix-based servers. Just make sure the father + 3 sons in your XML file maintain case sensitivity as requested.

Tips from a Newbie to a Newbie…

This was my first box to attempt and have just rooted it over about 3-4 evenings. I have basic Linux and very basic coding experience, I only very recently learnt about the idea of pen testing! Here’s how I approached it, hopefully WITHOUT ANY SPOILERS.

I downloaded Kali and read up a few walkthroughs of some of the early boxes to understand how to get started. I used two basic tools to carry out what I think you call enumeration, I just used default settings. I expect everyone has done the same so far. From that point on I didn’t use any hacking tools (mainly because I haven’t yet learnt about them), I did everything manually.

All the clues I needed were in the website. If I didn’t know what the clue meant, I researched what it might relate to, or wrote it down for later. The clues are there to help after all, not send you on a wild goose chase. I think there are 2 or even 3 separate ways to get user, I only found one, so some of the clues I never used. The programming language involved I had actually never used, but it was very easy to learn the basics. Once I had the code, I knew I needed to compromise it. To understand how it worked, I set up a replica of the code on my machine and learnt how I could attack it. That way, I could see all debug errors, variables etc. I would have never worked it out without doing this. Once I could compromise the code, I googled for code examples to inject (e.g. how to spawn a shell). Again, I tested this on my machine, and then it worked against the box. It was very inelegant, but finally I had a way of getting user.txt.

Once I had some access to the filesystem, there were of course more clues to be found. Because they were only visible with user access, they could only relate to how to get root. Getting root took a lot of frustration, because it involved another programming system I had heard of but never used, and I was getting impatient and not testing attacks locally. I read up on the new system, but in the end I took a copy of the files on the server I found and again replicated everything locally. I finally found the answer, but I could not get the answer to work. Another theory to learn that I was aware of, but had never understood in detail. The reason the answer did not work for me was that I was simply doing it wrong. Again, the saviour was replicating the scenario locally, enabling verbose mode on tools (basic tools not hacker tools) so I could see what I was doing wrong. After making a cup of tea (guess my nationality) I sat down and gave it one more go and I was staring at a root shell prompt.

I have since written a program to gain user access with one step, to prove to myself I could do it. Future work is to explore the other exploits that the clues hint to.

I really hope this helps other beginners and that I haven’t given anything away, mainly because the satisfaction of doing it unaided is huge. My approach was extremely inefficient, I’m sure there are tools that could have made my life so much easier (but I wouldn’t have learnt how they worked) but on the way I learnt so much, and that is the reason I am here.

I am now trying “Carrier” but getting nowhere. A cup of tea might help…

p.s. General tip on shell access: don’t forget to enable STDERR somehow or it will drive you up the wall if you are good at typos.

Hello, I see the past and got a key. But I do not succeed in using it (prompt for password for every account I try), what am I missing?

EDIT: NVM, I’ve found what I was missing

EDIT2: Rooted! PM if you need a hint

Need help. Someone PM me, please. Don’t know what to upload or what to do after that.

I need help with ssh keys… I have a username and password that are most likely correct but I’m always getting permission denied because of a public key and I have no idea how to obtain it.

Edit: Never mind, I got user, now for priv esc

If anyone can PM me with help on priv esc it’d be very appreciated

Hi, I’m new here so sorry if I post any spoiler.
I have been two days trying different things and I’ve read almost all the hints on the forum.
Could someone help me? (I don’t know if I need to use ssh or other attack vectors…)
Thank you very much!

Just got root. Many thanks to @Naruto985 for helping me with privesc. A hint: learn about git objects

Looking for help with privesc, been stuck for a while now. I can probably see it already but have no clue how to use it, please PM me

I need help with this box, I use XML to get some stuff but don’t really know how to escalate from here

@zealsham said:
I need help with this box, I use XML to get some stuff but don’t really know how to escalate from here

If you can get some files, maybe you should see what ports are open and try to connect the information.

Rooted. Thank you @lokori & @Loss420. Unbelievable how easily I can head down the wrong path and overcomplicate stuff. Definitely learnt a lot of things I didn’t know.

@lokori & @Loss420 or others who read this: I consider myself to be a noob though I’m not new to programming or security, but at what time do I stop and start reading these discussions in the forums when I’m stuck? I want to solve these by myself, but I realize I’ve been spending way too much time on a box using the wrong approach. Giving an approximate time frame spent for each box would help me save time as I can easily lose track of it. Thank you!

Can someone PM me concerning the format of the file… all I’m getting is internal server error, even after creating the 3 elements and ensuring case sensitivity. What am I doing incorrectly? Are there resources available to assist? The format from OWASP 2017 is also a bust for me.

Finally after over a week of trying to get priv esc I managed to get root! Thanks @s1k for the very helpful tip

Is it possible for me to PayPal someone for an EDUCATIONAL walk through on this type of thing? I’m getting a few bites here and there, but would love to learn the different thought processes behind this box. I’m sure I’ll bang my head on the wall, but I also want to learn the Priv Esc. So no, I’m not wanting you to do this for me. I want to be able to learn these skills and take them with me :slight_smile:

Feel free to PM me if you’re interested or add me on Discord: publicist#2956

Hey, so I am at the point where I found the file upload location. I have the syntax correct I think, but when I upload the file I get ERR_EMPTY_RESPONSE. Anyone else experiencing this issue?

Rooted. First box done. Love the way it was done. Took me 4 days but it seemed easy when I finished.

Completed this one yesterday. The initial foothold vulnerability I had never heard of before. For something seemingly so inert that is incredibly dangerous. I love it.
Root was also interesting, got nothing from the usual channels but after digging a bit more I see dev-oops is an apt title.

@poe said:

@skarfaze said:
I’ve got a code 200 with my XML and now I can see the users inside //p**, this is the end of my story :frowning:

Please any hint, I’m dying lol

You need to find something that is as good as a password

Thanks for the hint… got user coz of this. Going to try root now.