You have to see what other image formats are allowed. You have .jpg .jpeg .png and some other ones. try different ones and see what happens> @sudonoodle said:
Really having trouble uploading. Literally, I can’t even upload .png images? What’s happened?
Hey guys, I am stuck for two days on root now… Any hint appreciated! I am on the s**o run script and iread the output already. But still with tons of inputs now I did not find the solution.
I cant make nmap scan… All ports filtered, what I do?
isn’t… try with a deep nmap scan… you will have 2 ports…
Show me this message:
Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 19:04 WEST
Nmap scan report for 10.10.10.146
Host is up.
All 1000 scanned ports on 10.10.10.146 are filtered
Too many fingerprints match this host to give specific OS details
TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 … 30
Ahh, finally done with networked! I really need to say that some of the people have given dumb and useless hints here like “JuSt EnUmErAtE bRo, ItS rIgHt tHeRe iN fRoNt oF yOu”.
Initial foothold:
Understand the source
User:
Check for pebbles in the path in the source
Root:
It’s too EZPZ but most of the people(including me) didn’t understand how it worked! Just play around user input and there you go!
I cant make nmap scan… All ports filtered, what I do?
isn’t… try with a deep nmap scan… you will have 2 ports…
Show me this message:
Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 19:04 WEST
Nmap scan report for 10.10.10.146
Host is up.
All 1000 scanned ports on 10.10.10.146 are filtered
Too many fingerprints match this host to give specific OS details
TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 … 30
So im new to reverse shell. Any good papers that explain the process that closley resemble this box? I have the .tar and can see the files but I cant seem to find a good write up on how to use shell. Sorry im a noob.
ROOT: Find the ch…sh file. Read the file. Ignore the ERROR - Message “ERROR : [/etc/sysconfig/network-scripts/ifup-eth] Device guly0 does not seem to be present, delaying initialization”. Try the default linux commands and keep going.
Got user, it was pretty straight forward: Do your regular enumeration and find relevant files and where they exist it too.
On root right now, I think I figured out where it is, it’s just I don’t know how to escape the right character, apparently. Any nudges would be appreciated.
I am reading the c****_a**** file, but I don’t understand, it writes to a file, then deletes the file, it sends some output to /dev/n**l, and sends ma*l (which I can’t access).
Some hints suggested “timing”, but am I really supposed to loop so I can hopefully get the file content before it gets deleted?
Root:
I wasted so much time because of this, but see what you can run as root with your privilege, if the “thing” tells you no privilege to make changes, then you aren’t executing it properly. Execute it properly and errors will dissapear (at least the privilege ones)
shell: upload something
user: add something
root: tell it something
PM if stuck
Hello, i cant upload the pp file to make a rert sh… I change the “Content-Type”, the “filename” to .pg.pp and nothing. I try put some initials bytes from a png image in the request but noting… Im missing something?