@madhack said:
ok found c******* but did not get in to m********
do i need to get in there first because the cve ask for creds?
i was able to brute force the password, others are saying that isn’t necessary, id like to know how they did it
@madhack said:
ok found c******* but did not get in to m********
do i need to get in there first because the cve ask for creds?
i was able to brute force the password, others are saying that isn’t necessary, id like to know how they did it
I managed to get user, but unsure how to escalate to root now…
.
Rooted. Man, I have mixed feelings about this box. On the one hand there were some parts of this that were needlessly/unrealistically annoying, like the 403 errors during the user portion. On the other hand I learned some things and found new ways around filters because of this box.
Can some give me a tip/PM for implementation of the priv escalation. I think I am on the right way. But the sticky cve thing don’t let me pop a root shell. When I try to reverse shell I can’t redirect stdin/out for known reasons.
Type your comment> @cr0ssbon3s said:
Rooted. Man, I have mixed feelings about this box. On the one hand there were some parts of this that were needlessly/unrealistically annoying, like the 403 errors during the user portion. On the other hand I learned some things and found new ways around filters because of this box.
Any hint to avoid the 403 on the user phase (m***.g**.p**)?
Finally rooted ! . i have gain the knowledge on Cen****n and WAF filters.
The previous comment was meant for the postman box, sorry about that. I hope I didn’t throw anyone off. My previous post has nothing to do with this box at all. Here - http://urfsecurity.info/posts/linuxprivesc/ please remove if this is a spoiler.
I’ve already modified many times the script, the standard one didn’t get the right token. But requests to m+++.g++.p++ always get 403.
NVM got it. First time it didn’t work… PM me if you need help.
İ found c**** , now should I brute Force ? Hint me pls
Guys, getting the reverse shell is pain, found the CVE exploit and modified it but still cant get response in my ncat listener, im totally stuck. help me please.
I just uploaded a new version of the exploit on Github. It should make debugging and editing the script less painful.
Can’t post the link here b/c spoilers, but it should be easy to find if you know what you’re looking for.
Overall, I really didn’t like this machine. It was all about the things I hate most in CTF.
Type your comment>
@GetGetGetGet said:
Overall, I really didn’t like this machine. It was all about the things I hate most in CTF.
+1
Priv esc. to root was the same as on a retired machine. Overall, the machine was a pain.
Does anyone have websites/resources explaining why the “VERB” hint works? Seems like a purely CTF trick, but curious if this is really a common vulnerability in the wild, and also why it works.
Type your comment> @reedsee said:
Does anyone have websites/resources explaining why the “VERB” hint works? Seems like a purely CTF trick, but curious if this is really a common vulnerability in the wild, and also why it works.
It is an artificial configuration option and I think there is no System Administrator on the Earth who chooses it.
Finally I managed to get a shell. Any hint to get from w**-**** to s****y ?
edit
rooted
Can someone PM me a hint? i have discovered the m…php a…php and p…php page but i don’t know how can i bypass or login in m…