Json

Type your comment> @Isyber said:

anyone used ys******l on kali, if you managed a way to do that on kali please PM me

Same here! I am looking for a way to construct the payload without resorting to setting up a Windows VM (is compilation required too?). Please PM if anyone knows how to do it in kali.

@zelensky said:
Type your comment> @Isyber said:

anyone used ys******l on kali, if you managed a way to do that on kali please PM me

Same here! I am looking for a way to construct the payload without resorting to setting up a Windows VM (is compilation required too?). Please PM if anyone knows how to do it in kali.

Having a windows VM isn’t so bad, it is super helpful and probably something everyone should have anyway, right? There’s no compilation required, just grab a release zip.

@zelensky said:
@Isyber said:

anyone used ys******l on kali, if you managed a way to do that on kali please PM me

Same here! I am looking for a way to construct the payload without resorting to setting up a Windows VM (is compilation required too?). Please PM if anyone knows how to do it in kali.

Just use what’s already on the tool web page.

Got user still work on root
hint for user-The friday 13th

Do I need to enumerate the APIs I’ve found somehow? I have found the creds. Trying to avoid asking too much info but I’m a bit stumped with the next step.

Rooted at last, nice stable box. User can be a bit tricky especially when using tools you’ve never used before. Not sure if i rooted the right way though because it seemed too easy. Never used the credentials I found anywhere.

locked in last part… no way to have a juicy session. Hints are well accepted!!!

Rooted. Feel free to reach out if you’re stuck.

Rooted finally. One helpful tip don’t forget to reset the box if nothing seems to work. Understood it after 5-6 hours.

Nice box, user was a pain but only because I was tripping myself up with stupid mistakes. Root was very easy, especially when you consider how lovely @TsukiCTF is :slight_smile:

Rooted, Nice Box :slight_smile:

Rooted pretty straight forward box. Pretty much everything is already said in the forum. If someone who did it completely on Kali could PM me on how to do it I would greatly appreciate it :smiley:

My jp is erroring out while providing the -c argument. Did anyone had similar issues? How do i fix that? I have everything together I guess.
I’ ve seen that there is an issue on the gitrepo that cover that. It should work fine they said.
kindly asking for help.

edit: finally got everything to work. But it was worth the hassle!

Feel free to ask for a nudge. Just tell me where you are stuck at and what you’ve tried so far.

Type your comment> @krypt said:

I am creating the payload and I have no problems with “formatting” but I can’t seem to get past other errors. Tried both of the payloads offered by the tool.

Edit: The cause of my problem was that I used the tool’s encoding function. It doesn’t work if I encode the payload that way but weird enough it works if I encode it with Burp. Wat?

Same happened to me (Wasted a morning :/). The last char doesn’t copy when you double click the string to copy it. In Burp you probably selected the string manually.

Has anybody wrote a python script to get user shell? I was able to get a shell manually through Burp (I can provide proof)… but I am interested in learning python scripting. I am trying to script this so that I can just run the py and get the shell.

Did anybody do this and wants to share their code with me? I am struggling on it because I am new to python.

Type your comment> @WiseGuy said:

Has anybody wrote a python script to get user shell? I was able to get a shell manually through Burp (I can provide proof)… but I am interested in learning python scripting. I am trying to script this so that I can just run the py and get the shell.

Did anybody do this and wants to share their code with me? I am struggling on it because I am new to python.

Will DM you

Hi all i’m stuck at initial foothold:

  • found /a** /at and /a /tn
  • found P*******.tt under /f**s/ (but i don’t know if it is useful)
  • found some users in index.html (but i don’t know if it is useful)
    but i cannot go on. what I must see but i cannot see? can anyone help me?

EDIT: got user, now trying privesc

For someone who’s completed user: Can you PM and potentially compile for me? I have a WinVM and looks like it runs fine, but get errors with the site d****ing my input. Willing to explain quickly where I am so you know I’m this far… Not sure if it’s just my VM

Type your comment> @daedalusx said:

For someone who’s completed user: Can you PM and potentially compile for me? I have a WinVM and looks like it runs fine, but get errors with the site d****ing my input. Willing to explain quickly where I am so you know I’m this far… Not sure if it’s just my VM

You do not need a WinVM, these can be craft by hand. When I was sending my payload, it keeps erroring out, and I was not watching my output terminals so I thought it was not working. So watch your return terminal and give it 2-3 minutes to response.

Type your comment> @j4v40n654n said:

Type your comment> @daedalusx said:

For someone who’s completed user: Can you PM and potentially compile for me? I have a WinVM and looks like it runs fine, but get errors with the site d****ing my input. Willing to explain quickly where I am so you know I’m this far… Not sure if it’s just my VM

You do not need a WinVM, these can be craft by hand. When I was sending my payload, it keeps erroring out, and I was not watching my output terminals so I thought it was not working. So watch your return terminal and give it 2-3 minutes to response.

Yeah, for some reason there must’ve been some extra characters in my output that was messing up the payload…finally got it working and just finished root :slight_smile: