Rooted. Man, I have mixed feelings about this box. On the one hand there were some parts of this that were needlessly/unrealistically annoying, like the 403 errors during the user portion. On the other hand I learned some things and found new ways around filters because of this box.
Any hint to avoid the 403 on the user phase (m***.g**.p**)?
The previous comment was meant for the postman box, sorry about that. I hope I didn’t throw anyone off. My previous post has nothing to do with this box at all. Here - http://urfsecurity.info/posts/linuxprivesc/ please remove if this is a spoiler.
Guys, getting the reverse shell is a pain. Found the CVE exploit and modified it, but I still can't get a response in my ncat listener. I'm totally stuck. Help me please.
Overall, I really didn’t like this machine. It was all about the things I hate most in CTF.
Negatives:
Lame CTF tricks to find a foothold (i.e. what you do at m********g)
Web-app brute-forcing. It might not take long to crack but it’s still a pain that doesn’t really add much to the machine.
Sloppy exploit code. Unfortunately this is realistic, but I hate when exploits don’t use functions, or aren’t written for readability, or have hard-coded values that make the code break easily.
Unrealistic defense. In this case, it seems like the app’s defense is written specifically to make using the exploit a pain. Realistically, I think an admin who knows about this exploit would update to a version that’s not vulnerable. I also think the 403 code is misused and deliberately misleading, but admittedly an admin trying to prevent an exploit wouldn’t want to help attackers debug…
Does anyone have websites/resources explaining why the “VERB” hint works? Seems like a purely CTF trick, but curious if this is really a common vulnerability in the wild, and also why it works.
It is an artificial configuration option and I think there is no System Administrator on the Earth who chooses it.
So, I figure there are two ways to get this. “Very good OSINT skills” or VERBS.
English teachers can be very good at monitoring their class. Oftentimes, if you use the wrong verb, they won't let you go. If you use different VERBS, maybe they'll let you go or at the very least they'll be more talkative.
There are lots of verbs in the dictionary, but really you only need to know, like, six of them. Especially when trying to get a foothold.
So while trying to get user (trying to add p****** or h*******), I am getting a lot of Forbidden (on m*****.g******.p*****). Is this meant to happen?! I’d appreciate some guidance!