Stratosphere

@MalwRecon said:
somebody will help me counsel how to own root, the attempt to use sudo + hijack py seems to have failed (((
probably on this box there are still ways to own root, please any hints guyz

check what u can do with that py

I had all the links to the exploitable app last night working with 200 Ok found.
But now they are all giving me 404 not found.
Can anybody give a hint on why this may be.

Ok, I can get the action for 1+1, but I can’t get any RCE using the examples. What am I doing wrong?

@flux said:
Ok, I can get the action for 1+1, but I can’t get any RCE using the examples. What am I doing wrong?

did you ever try to google?

guys i got command execution, but now i’m stuck and i don’t know what to do to get a shell, i found many credentials but useless, any hint?

@MrRobotty said:
i found many credentials but useless

You sure about that?

@phoenix192 said:

@MrRobotty said:
i found many credentials but useless

You sure about that?

i was wrong ahahah, done it

guys a bit of help needed please.
I was able to access the links to the web app exploitable interface, including the action thingy, but can’t anymore and I get a 404 error code. Can anybody give a hint or can I DM somebody?
Thanks

took me time to understand and got hinted about my RCE, improved a bit my way of work, and got root last night.
nice box thanks to the creator !

Any tip on how to use the credentials found through the RCE? The BASIC just keeps returning 401 and the logs do not show anything (sometimes that the user is locked). Bit desperate in this part. A bit of help would be appreciated. Thx

I am stuck with using the credentials as well. Can someone PM me? Tried a few different things and would really like to check back if anything I did went in the right direction.

Still blocked can anyone PM me ?

I found the credentials, but cannot change context.xml and cannot access the Tomcat web interface…
Any hints??

I solved the challenge with the hashes but it says succes.py is not found. I can’t figure out where to go from here. Any hints?

So without giving anything away… I was able to perform RCE with limited success. some cmds worked like id, who am i, etc. but anything like bind or reverse shells not working. used RCE to look at ps with aux and could see my commands running which hadn’t produced reverse shell. thought I’d revert box. after doing so, cannot perform RCE anymore using same method. Am I missing something??

sorry should have added pls PM me. had to muck around with post as kept getting ■■■ you got root msgs. :)

all of a sudden can now do my RCE. still stuck on cmds which I can run. ps with aux shows my commands running and ports listening but no connection made. still need someone to PM me pls

@neomatrix248 said:
I solved the challenge with the hashes but it says succes.py is not found. I can’t figure out where to go from here. Any hints?

basic knowledge of python scripting will give you the answer

What wordlist is everyone using to find this web app? I burned all my wordlists and can’t find it!

so got shell. see script supposed to solve, and solved all but last. googled high and low and cannot find anything, can someone PM me with hints on that last question pls. so thought maybe I should be tricking it somehow but looking at code cannot see how that can work.