Hello! I have done a TON of research on anything that I have found myself unfamiliar with while doing this box and have learned soooo much! I picked this box because JSON hacking is an area I am not comfortable in. However, it seems I still have just enough gaps in my knowledge to not quite understand how to get user.
So far:
Got past login easy
Found /a__/t___ and /a__/a___s
Understand what these are doing
Have mapped out the application and the related services etc
Understand the vulnerability to exploit and how it works
Understand how to craft a payload to exploit the vulnerability
Essentially I feel I can’t seem to understand how to locate where I should be sending my payload, how said vulnerability and attack should be executed in this context, and what to do with the information I have now in order to proceed with this form of attack.
I think everything I need is right in front of me but I can’t put the last pieces of the puzzle together. Any help is greatly appreciated! I would also be grateful for any resources that may help me educate myself on this subject more! Thanks
I’ve been trying to get a little further for a looooong long while now, but I’m really stuck. So I’m reaching out to you guys.
I know I need to use the Yal.N tool. But I have no idea how to use it and, more importantly, where to use it. I’m fuzzing with the /a/t** page and think this is where I have to inject. I also generated an HTTP 500, is this where I can find my info for the serial tool?
Can someone give me a nudge on where to inject and maybe which module to use?
Thank you!
-Edit:
I think I got a little further. I know where to inject. It’s the B***er if I’m not wrong. I got the system to talk back now. Just have to adjust my payload
I am stuck on root. I think I found the correct exploit, but there is an ID option which can differ depending on the OS. I tested this ID with a test script and found one value, but it still failed.
I have rooted this machine using a kernel exploit but I am very interested if there is another way (let’s say some kind of misconfig). PM me please in case you know
I have tried all the exploits suggested by the Metasploit Windows Exploit Suggester and PowerShell Sherlock. However, none of them helped with privilege escalation. Who can PM me which exploit I can use to do Windows privilege escalation?
After a nudge for the initial foothold, I’ve found the p******.t** file (think it’s useless) and have tried username enumeration (attempting to get a different HTTP response but to no avail). Not quite sure if I’m looking in the right places
Stuck on initial foothold.
General noob question:
Is it correct of me to presume that obtaining the username + password for the logon page is essential before considering sending any form of payloads?
I have generated a payload using ys#s##al
However when trying to send the payload using burp I get the following message:
{"Message":"An error has occurred.","ExceptionMessage":"Invalid format base64","ExceptionType":"System.Exception","StackTrace":null}
For the initial foothold I managed to create a ping payload which works, but I fail to create a payload that would either give me a rev shell back or transfer files to victim. Can someone give me a nudge on getting the payload right?
UPDATE:
rooted!
User: When constructing the payload, think about special characters.
Root: Nothing really to add here. A lot of hints already here in the forums.
LOST. Just… lost.
Intercepting requests, see the potential attack vector. Not sure how to actually execute it.
Please could someone PM me to discuss… Really stumped with this one.