Wall

Struggling with the RCE, I can’t get a rev shell.
Any hint? :cry:

Anyone who has rooted it, please PM me.
I am struggling to get the correct payload to get a reverse shell to get command execution.
Help me.

Anyone who needs hints related to brute-forcing the C******* can ping me…I have an easy way :wink:

Cracked the c**********, now the Python CVE is not working… Tested, using the right IP and port; the script says it is triggering successfully, but nothing is hitting my listener. Any ideas?

Hint for initial foothold:
If you plan to do it without a script: learn the application, abuse what you can do.

Rooted. Pretty disappointed with this one. Thanks to the creator, regardless.

Currently stuck with /p****.***, /m*********/ and a*.***, any tips? Been seeing some tips floating around about verbs / teachers? No idea what that’s about, maybe be more specific. Thanks

@tabacci said:

> In this box both exploits did not work for me. But after repairing they work well.
> So consider that as a part of the game and happy rooting :wink:

I’m also kind of stuck here… any hints on how to repair? (I guess it has to do with changing the value of n*****_b**)

@tabacci said:

> In this box both exploits did not work for me. But after repairing they work well.
> So consider that as a part of the game and happy rooting :wink:

It’s not that they didn’t work bro - it had m**sec***** installed…
And the second exploit did work perfectly fine for me.

I am stuck on the www-data shell, any hint pls!

Rooted. This box was weird and a bit annoying… Privesc felt like cheating but what I used seemed to be placed there on purpose by the box creator. I exploited c*** manually instead of repairing, reading the code reveals how it can be done.

I have tried rewriting this exploit, and it simply isn’t working. I’ve also tried to exploit manually, but I’m continually getting 403s once I put a space in the input field. I’ve encoded the space and same thing. This is frustrating…

Rooted. Box as a whole seems too contrived. Curious if there’s more than one way to root. Path I took was a bit underwhelming.

Hints for user: once you get past using the right verb, you’ll hit the “wall.” Keep trying different things and you’ll get past it. Can be done from the UI if you understand the exploit. Then enumerate some more to get user, or you can go straight to root and then get user after.

Hints for root: standard Linux enumeration plus another exploit.

Feel free to PM if you’re stuck.

If this is too much to ask just say so but… should I be “dictionarying” m********* or c*******? I’m trying to use h**** for it but I’m new to it so I can’t tell if what I’m doing wrong is syntax or what I’m going after.

Thanks in advance :slight_smile:

EDIT: I think I was using the wrong approach. Tried piping in my passwords of choice to something else that I had come across but thought I’d need to know the creds already.

Can anyone who did not find the password by “guessing” but by brute forcing contact me and tell me his/her way to approach? I built a small script using curl to read cookies+token and use them for requests but it fails all the time.

Root hint:
Do your basic enum and watch the output very carefully. The exploit is straightforward. And once you’ve found it, don’t spoil it for other people. Clean up your tracks quickly. Good luck.

Init HINT for dumb people like me who can’t find c*******:

  1. First you need to find m*********.
  2. To search for m*********, you need to do the most common thing that can be done with the d**b tool and at the same time not give it anything that is outside of its standard directory.

After that, pay all attention to the found m*********, but, as already said, you do not need brute force!

  1. Then the question arises: what can be done other than brute-forcing?
  2. Here you need a hint about the teacher and verbs.
  3. However, this was not enough for me: note that sometimes a slash can be crucial.
  4. After that you should look at what the server told you.

I hope I haven’t suggested too much?

My nc is not getting anything >< darn exploit… help, anyone??

@Warlord711 said:

> Can anyone who did not find the password by “guessing” but by brute forcing contact me and tell me his/her way to approach? I built a small script using curl to read cookies+token and use them for requests but it fails all the time.

If you know the exploit you need to use, you can easily convert that into a brute force script, that’s how I did it (even after guessing it, I made the script anyway)