Carrier

Just in case anyone struggling to get that initial rev-shell and only gets a non-interactive/non-responsive shell (literally no output to any of the commands), maybe the ‘door’ used by the connection to come back is too small and secured.

Hi, I’m new, I’m on the web but I do not know how to continue. someone could give me a hand.

@darkkoan said:

@mrothenbuecher said:
@darkkoan Percent-encoding - Wikipedia

Thanks man - got it.

please, can you PM me as i stuck the same!

I’ve got root access first machine… got a t*t connection with za, am I going the right direction? Dont know what to do for the next move…

edit: answer is no.

I need help, can’t get the reverse shell via the RFE as everytime I change the parameter I get no output… help me please!

I’ m confused, got root shell but root.txt is nowhere to be found?

Hello,
I have got user and rev shell. Stuck on PE.
Know that I need to use B** H*****ing. However, I do not know how to do it. Kindly ask you about a hint.

@Ac1d0 said:
I need help, can’t get the reverse shell via the RFE as everytime I change the parameter I get no output… help me please!

Hello,
Someone has posted a link with different rev shells. Did you try one of them?
PM me with your code.

Is it possible to escalate without interactive shell?

Once you get a shell, getting an interactive one will not be a problem

Need help with privesc. The changes I’m making are not giving me the traffic I’m looking for.

Done!

So glad to have got this box rooted and off the to-do list.

Thanks to @snowscan for a unique box.

Thanks to all who helped it was really appreciated!

Same here … wow this box definitely though me a lot …!!! Quick question though, does anyone know what secretdata.txt is for?

Wow! It was an amazing machine and it made me learn so much. Huge thanks to @jkr and @pikey301 for leading to clue.

Can someone give me advice on RCE with this plz? I’m new to this sort of scenario. I understand it’s to do with the V***** S***** on the D********** page but I’m unsure how to execute.

@tiger5tyle said:
Can someone give me advice on RCE with this plz? I’m new to this sort of scenario. I understand it’s to do with the V***** S***** on the D********** page but I’m unsure how to execute.

There is a button on the webpage that executes a query/command…
Find out how to add your own cmd (using the same language spoken) and listen

I’m stuck as root on first shell.
Network enumerated, playing with vth, dumping the packets with t***p and analysing but can not figure out a attack…

I believe I am almost there but need a nudge to guide, anyone please?

It took me more time to get user than root. I think torking as a net admin gave me an advantage.
What I don’t know now is what to do with ‘secretdata’ I’m sure it has something to do with the prince. Any suggestions?

any hint on RCE? except for parameter name and encoding…

Can someone PM me a hint for the RCE part? I’ve identified where to exploit it, I think I’ve traced out what’s going on when the button is clicked, but everytime I try to encode (and I’ve tried several different encodings) a command to be executed, I get no output.