Here is another one of my writeups! This time Blocky: https://v3ded.github.io/ctf/htb-blocky.html
I will have to play around with jad, I just unzipped the jar files, not nearly as clean. I have seen gobuster a lot lately, any benefits to use that instead of dirbuster or wfuzz?
Nice write-up ...
But you can escalate privilege using the www-data shell also ...
I have done both ways successfully.
Gl0b0 - any directory bruteforcer that works for you is fine. Personally I never used wfuzz, and dirbuster has silly error pop-up messages which get annoying after some time. Dirb can be used as an alternative, but I like gobuster more because it provides threading support. Hope that helps!
Thanks for bringing that to my attention Agent22 - I will take a look into it. Once I find how (dunno when) I’ll add it in!
I used CVE-2017-6074, which isn't really stable. I show a few other rabbit holes in my video, such as getting a shell through FTP, which would have worked if SSH was set to only allow cert-based logins.
Thanks @ippsec , your video was awesome! Learnt a thing or two as always.
Nice writeups guys. I'd definitely recommend jd-gui for decompiling the jar. No need to extract any classes or anything when using it. Also @ippsec got it, https://www.exploit-db.com/exploits/41458/ (4.4.0 kernel doublefree) will work most of the time from what I have heard as a backup esc method. Some people mentioned having to modify it to grab the flag automatically, as it does make the machine very unstable.
@Agent22 How did you do that?
Uploaded the shell via Wordpress and then used the Creds or any Exploit?
@jinxbox check out the second half of ippsec's video