Wall

Need support with the CVE. I can ping myself, so I have RCE, but I can't get the revshell to work.

nvm, what a pain, got a shell

@3322kr said:

@PanamaEd117 said:

use the most common tool to intercept requests and then look at the responses of the directories you have found

I’ve tried this and can’t figure out what I am missing.

Struggling too on the exploit phase. Altered the script, I’m told to look at my NC listener but nothing. Can anyone nudge me along please.

What's up with the /c******n page? It won't load for the last hour.

#Rooted
PM me if you're stuck

Does anyone have another way to get the root user? Let's discuss.
Lol… I own root user with “One Click”. Hehe

Finally rooted this useless box. Much time was wasted on enumeration and attempts to trigger a reverse shell.
Here are my hints:

  • Enumerate,
  • Hint with VERBS and teacher is very helpful,
  • Enumerate again,
  • Read official docs,
  • Don’t rely on bruteforce tools. Write your own script,
  • Don’t waste time with built-in tool. Download your own :wink:

Root:

  • Really!? Trust me, you don’t need hints for this :slight_smile:

Stuck at the exploit… “check your nc listner” but nothing… I altered the ncat part and added -p XXXX but without success. The exploit works (I think!) but I get no nc (nc -lvp XXXX). Any clues?

How can I get the creds for c******?

@RandomPerson00 said:

How can I get the creds for c******?

I did it by the brute force method.

@kindominic said:

Can somebody give me a hint with cracking /c******* admin and password? I've been trying for 2 days with hydra and burp suite and can't do anything

Try some hydra script on page 11 or 12, you’ll get some password in 1-2 hours

I am stuck here too, but just with the CVE script. I learned that the script won’t tell you if it hits any errors. You have to modify it to see errors, “Check your netcat listener” is not a success message in this case.

For anyone having as much trouble as I did with the privesc, what everyone is saying is correct, do your privesc check and it's staring you in the face, but I want to add to that. If you think you’ve got the right exploit, figure out how to make it work. This is where I found several “walls” to break through.

Stuck on exploit. Looking to run it manually and see what I need to do. Don’t know the creds for c******. Not interested in brute forcing, as that is not why we are here. Any hints would be appreciated.

@buribuizymon said:

@Corsemode said:

I have tried rewriting this exploit, and it simply isn’t working. I’ve also tried to exploit manually, but I’m continually getting 403s once I put a space in the input field. I’ve encoded the space and same thing. This is frustrating…

Facing the same issue. Were you able to resolve it?

Have you tried to urlencode it?

I finally got past getting the exploit to spit out the creds, so thanks @joshibeast for pointing me in the right direction. So now I'm fiddling through the UI dashboard, and it's a first for me, as the only other similar type of dashboard I've used is Magento & phpMyAdmin, but that was strictly DB based, so now my goal is to get the exploit to connect to my listener and go from there… Anybody wishing to compare notes on tweaking the script to our escaladvantage, holla @ my PMs…

Is the server broken? Not getting the last token as I was before

I’m still stuck in privesc to root. I see people say that it is easy. I did the basic enumeration and did not know what to look at in the output. Could use a nudge.

I know this box is called Wall for a reason, cuz there is a wall we need to get past, but I've tried to identify this wall with a couple of methods and both say there is no wall, so I'm a little confused… yay or nay?

Fixed the script and got inside
Both Root & User are the same searchsploitable exploit

Rooted. Funny box but it wasn’t easy for me. PM if you need help