Stratosphere

you need more “action” gogogo

HelloWorld make some Action please :wink:

Spoiler Removed - Arrexel

can i have some hint for privs esc? Spoiler Removed - Arrexel

Spoiler Removed

@Elephant7oast said:
Am I wasting my time trying to bruteforce the login? I have tried almost everything, a small nudge would be great :]

lights camera ( .ACTION )

Hello! wanted to ask about the tomcat credentials.
I’ve exploited the thing and got RCE, but I have no way to scale to a full shell since the tomcat creds are not working, and they are from the conf file… :confused:

Am I missing something? Thanks

Can someone take pity on me and tell me what the heck I’m going wrong trying to get a shell

Hi, I have exploited the thing and got RCE, but I cannot find a way to upgrade to a full shell with nc. When i try to get shell with netcat i saw ‘connection timeout=3’ error on results. Any help will be very good.

i find username and password but i cant access the manager , what happen ?

got user and found the script, completed the ‘challenge’ but the next script it tries to run is not found. Completely stuck!

nevermind, got root!

Totally in front of the wall.
I did enumération, nmap, dirb, and nikto but nothing…
I’ve also find some idea for exploit but it’s not working.
I’ve no idea of what to do…

Got RCE found a few creds to what seems like nothing lol a hint on what to do after rce… can’t seem to get a proper shell back. but I’ve been reading the file system and finding a lot of rabbit holes. A tip would be nice

@snowyDEN said:
Got RCE found a few creds to what seems like nothing lol a hint on what to do after rce… can’t seem to get a proper shell back. but I’ve been reading the file system and finding a lot of rabbit holes. A tip would be nice

Same here, a nudge would be appreciated.

If you have RCE you can reverse shell it… I didn’t manage to find the entry point yet. I am still enumerating and searching in a specific file that I manage to download

Is anyone else having trouble taking ACTION and running the appropriate exploit for a reverse shell? I can’t seem to get it to work correctly.

Looking for an entry point still can’t seem to find what I need. Found a file to download and went through it but still nothing. Need a nudge.

@zyaya said:
If you have RCE you can reverse shell it… I didn’t manage to find the entry point yet. I am still enumerating and searching in a specific file that I manage to download

Yeah, need to revisit methodology. I can get a shell returned but it dies can’t seem to handle std out. I’ll try more later. Oh if you get send me a hint. Thanks.

@NINGEN said:
Is anyone else having trouble taking ACTION and running the appropriate exploit for a reverse shell? I can’t seem to get it to work correctly.

Try use Burp as proxy. Strato seems to have some problems with communication (cant say if it is intended).