Stratosphere

I am in the same position atm, tried exploit but i won’t work and cannot find another attack vector.

I found a username and password, which supposed to login to management Web based GUI , but it doesn’t work and I have no clue what prevents my login! Please PM me if anyone get what I mean and wanna give some clue.

So Ive done enumeration and all the paths that i took ended up being deadends. Can I DM someone for some pointers.

Don’t overlook your enumeration… Sometimes I will overlook stuff that is right in front of me.

Still stuck despite a squllion wordlists thrown at it and reviewing contents of every page and contents and an nmap of every port. On the plus side I know a lot more about the Stratosphere :). Can someone provide a clue? Am I wasting my time with wordlists or trying to brute force a particular login?

same issue, use dirbuster, try to bruteforce login use default credential but still stuck ;(

i too am in the same boat as many of you, have nmap full, have gobusted etc. burp suited it and msfconsoled it, seen a few potential exploits tried msf exploit tried python scripts and a nmap scripts … none of them seem to work…

I feel i am missing something, is this one of those “specific” wordlists type of thing again?

you need more “action” gogogo

HelloWorld make some Action please :wink:

Spoiler Removed - Arrexel

can i have some hint for privs esc? Spoiler Removed - Arrexel

Spoiler Removed

@Elephant7oast said:
Am I wasting my time trying to bruteforce the login? I have tried almost everything, a small nudge would be great :]

lights camera ( .ACTION )

Hello! wanted to ask about the tomcat credentials.
I’ve exploited the thing and got RCE, but I have no way to scale to a full shell since the tomcat creds are not working, and they are from the conf file… :confused:

Am I missing something? Thanks

Can someone take pity on me and tell me what the heck I’m going wrong trying to get a shell

Hi, I have exploited the thing and got RCE, but I cannot find a way to upgrade to a full shell with nc. When i try to get shell with netcat i saw ‘connection timeout=3’ error on results. Any help will be very good.

i find username and password but i cant access the manager , what happen ?

got user and found the script, completed the ‘challenge’ but the next script it tries to run is not found. Completely stuck!

nevermind, got root!

Totally in front of the wall.
I did enumération, nmap, dirb, and nikto but nothing…
I’ve also find some idea for exploit but it’s not working.
I’ve no idea of what to do…