@ashr said:
9a7d3e2c3ffb452b2e40784f77723938/573ba8e9bfd0abd3d69d8395db582a9eWas anyone able to access the above ? I’m stuck again in the restricted shell this time, can’t see my way forward without bof. I’ve tried add/remove funkiness on the admin side, but can’t seem to get anything to run there or to change the behaviour of the mechanisms involved. Does this involve guessing action names and parameters ?
So frustrated now, i’m starting with overflow, but would still like a tip for the other way(s), either way answering the above two question will help me, thanks.
Go back to the shell you were in when you found the 9a7*/573* thing. Have a closer look at all of the files and you’ll certainly find some other useful bits of information. Armed with the info in these files, you can manually do the same but with evil intent. No guessing needed and privesc didn’t require bof.