Hint for HELP

I am lost in the file extension bypassing
any hint for that?
I have tried with different extensions and modifying the content type
but none of them work

Apart from the unauthenticated way,
I have no idea on constructing the n***.*s query

Thanks in advance

@mystory20 said:
I am lost in the file extension bypassing
any hint for that?
I have tried with different extensions and modifying the content type
but none of them work

Apart from the unauthenticated way,
I have no idea on constructing the n***.*s query

Thanks in advance

Same here. I can find my jpeg file with the exploit script but am stuck on bypassing the file extension filter … hints will be appreciated.

Thanks.

Are there any changes in the last hours? I managed to upload and run a shell on this twice but after a reset, nothing seems to work. I already got user but while trying root I found that someone caused havoc on the system.

I can find and call .jpg and I was able to upload .php too but it stopped working.

–update–

And of course the second I post another run actually works. Must have been bad luck with the server earlier.

I am having trouble with the upload and run shell one too. I think I know how to get around the filter, but I can’t even get a jpg or txt upload to work. Even with some time travel although the server header responses look like they match my system time anyway.

Now I’m really confused. I used the REST alternative to get user and its hash (with one of the previous posts it’s easy). I cracked the hash and also have the password. Tried to log in via the lowest port and cannot. What am I missing?

Rooted. I used the obvious way.
If someone knows other ways to root please PM me so we can discuss.

Mystified as to how everyone else is getting the script to return results.

I’m having some bad luck with the VPN connection so my script fails intermittently.

Managed to get user, working on priv esc now.

So I’m stuck on just getting user. I retrieved some creds from that high port service, logged into the web app using them.

Didn’t see much other than a little bit less blindness.

I did get a fixed up exploit to give me a helpful URL.

However I can’t seem to move past the filtering to execute my shellcode.

Should I have stuck with just the high-port service for getting a shell or is the web app the right direction?

Anyone have any php pages they’d recommend for filtering bypass ideas?

I’m assuming resets would also cover databases and that the challenge isn’t broken from others modifying it.

Fun box! My advice is to examine the upload code and the exploit code closely, and edit as needed – might have to do some manual experimentation. After finding your shell, it’s a quick step to root! Basic, basic enum.

Yeah, I got the upload code part and exploit code finds a URL. However, I can’t get RCE for a user shell.

Man, looks like lots of resets hitting now

I think I know what I need to do but I can’t get around the upload filter, it’s driving me nuts.

I feel like I’m missing something on root…

Looks like someone is messing with the server and breaking the challenge. I get a Forbidden message for the web app now.

Anyone have any good links for filter evasion tricks?

I’ve tried all the ones that Google provided, but none of my ideas worked out.

Rooted!
Machine was quite useful, although it is very basic it taught me to actually pay attention to the basics and stop skipping ■■■■. As soon as the route to r00t was hinted I figured out exactly what I did wrong and I won’t be doing that again!

Good machine though

Spent hours working on the file extension bypass, including reading source code. Any nudges would be appreciated as I’m going insane.