Json

So far, I’ve spent more time setting up a Windows VM just to DO THIS BOX than I have actually working on the box itself. Not sure if this is intended or not, but I spent the last 8 hours trying to figure out how to do it in Linux and it doesn’t work.

If anyone has any hints for bypassing this, PLEASE feel free to reach out. I’m on the verge of insanity and really not enjoying myself, lol.

Edit: I figured out how to do it on Linux. But Jesus Christ, that was not a fun ride. Moving forward with this knowledge now though.

What a learning experience that was.

found the two endpoints as others have mentioned been messing around with ys****al, couldn’t get it to generate on kali so used my windows box really not sure if this is the right way to go.

Do i mix cereal with biscuits or keep stringing along :confused:

i think this is “one” way…i tooked it too. wine/cross compiling was a bit too time consumption for me

Rooted. Mixed feelings, didn’t enjoy it much. Learned something new though. Thanks to the creator!

My two cents:

User: Read the source, find A******, play with B*****. Spawn a free Windows VM, you’ll need it!
Root: Vegetable (easy). Didn’t explore another path.

Got the token, tried to modify it to trigger SSTI because one of the parameters reflected on the webpage in a funny manner, got nothing out of it. People mentioning ys******* and I don’t understand how do you get to that point, what’s the link between this machine and ys*******? I see no evidence whatsoever to even think about using ys*******.

So yeah, I’m lost :stuck_out_tongue:

Spoiler Removed

I tried different payloads and none of them gets to code execution, is this the right way?

Awesome box! I’m potato on windows so this box definitely taught me a lot.

Nice box, forced me to learn thing or two about Windows privesc. I got user fast (after I realized that there MUST be space after -n in MS ping…) and then I spent much more time on figuring out how to cook vegetable.

The non-vegetable way to root feels easier to me, more straight forward.

Did someone use the tool POC tool “yso…net”. Is that the right way?

Type your comment> @supercop89 said:

Did someone use the tool POC tool “yso…net”. Is that the right way?

Yeap, thats what i used!

Removed

Got root. The trickiest part of this for me was formatting my payload. Happy to help if anyone needs a nudge

Very good machine, thank you to the creator of the box for his work. :slight_smile:

User:

  • The user part is relatively simple, and do your research well, you will need a special tool to create your payload. The name of the box gives a good clue to continue your way.

Root:

  • There is an interesting program you need to understand (FTP). Try to understand how the program works, and read the functions that will allow you to decipher the information.

If you have any questions, do not hesitate to contact me. :wink:

Finally got there!

User: Cookies and Cereal …yummy! best off making your cereal on a windows box though :stuck_out_tongue:

Root: plain vegetable although for those unfamiliar like myself ensure you use the right OS variable

I am creating the payload and I have no problems with “formatting” but I can’t seem to get past other errors. Tried both of the payloads offered by the tool.

Edit: The cause of my problem was that I used the tool’s encoding function. It doesn’t work if I encode the payload that way but weird enough it works if I encode it with Burp. Wat?

Can anyone give me some suggestions on what source to read on? I think I get the idea, understand the tools that you guys are using, but just don’t understand how it fits in here… How could you pass the json data to the server, and why will it be interpreted in that way? Thanks for the help!

I was able to get command execution on the target but I’m not too familiar with Windows boxes and not sure how to spawn a reverse shell. Anyone have any suggestions or resources to look at?

Edit: For reference I was able to ping my local IP from the target and download a file, but not get a shell.

@gomeznap said:
I was able to get command execution on the target but I’m not too familiar with Windows boxes and not sure how to spawn a reverse shell. Anyone have any suggestions or resources to look at?

Edit: For reference I was able to ping my local IP from the target and download a file, but not get a shell.

Try Meterpreter!