Wow, I must say that after fixing the netcat issue, using the correct method, and landing a shell as user during the exploit, I was able, without adding any keys, to execute a privesc and achieve a root shell. After that, it took no more than 15-20 minutes from the time I exploited it with a correct shell to about the time I was able to land a root shell and find what I was looking for. I see one last step to get to the war chest, which I think is a JDBC connection from some leaked sauce, if I am correct. Not only was this a little diff, as I was not able to find the root.txt, which means you guys stepped it up. I like this, and if the extra 20 minutes from landing a shell to getting privesc scares you, jeez, this is easier than most boxes privesc-wise to me, logic-wise.
And being a Linux noob, I would know that almost everything privesc is hard in the beginning; this made it both logical and easy.
Help please.
machine-ghoul
I am stuck at the file upload at ip:8080/index.html.
I know I am supposed to upload a reverse shell there, but I don't know how to bind it into a JPEG file. I have searched about it, nothing found. Please help.
Root was a lot of fun, had to automate pretty much everything, especially the last step... Probably the worst machine I've seen so far, but in a good way.
Seems like the service on :80 is broken/hung at this point. I've reset the box a couple times and it doesn't seem to fix it. I was poking around at this box earlier this week without that problem. Now it just won't really respond.
Edit: Switching to a different US Lab doesn't help.
Do I need to target the login or the upload first? Found probable pass for #1 but no matching username so far and all the folders I looked into for the upload seem like dead ends.
Anybody else having difficulty getting RCE on g*** server to execute? Everything seems to go smoothly but RCE seems to never occur.
I think I know the issue.
It's because someone else is also using the same repo name.
If you don't clean it up, that will happen.
Try changing the repo name.
It should work then.
@Lorcheiro said:
Know about the authentication port but no idea of creds. Are they in rockyou.txt? Should I guess? Are they related to Tokyo Ghoul? DM me, thanks.
Am I daft? I've enumerated both sites both with custom wordlists and more "standard" ones, but I still can't find where the files get uploaded. I must be missing something really basic. Anyone want to DM me a hint or just drop one here please?
@Xentropy said:
Am I daft? I've enumerated both sites both with custom wordlists and more "standard" ones, but I still can't find where the files get uploaded. I must be missing something really basic. Anyone want to DM me a hint or just drop one here please?
This is a type of insecure file upload related to extracting files from an archive.