Wall

Hi everyone, honestly it’s driving me crazy. Yesterday I successfully got access to w**-d***, found the user folder, but I used CTRL-C, which kicked me out of the shell, and now I can’t access it again, neither with the script nor manually, even though I get the correct answer from the server.

Edit: Somehow, the machine doesn’t allow me to connect twice from the same port, don’t really know if it’s a bug or something that I don’t understand. So if you connected and can’t connect again, just try other ports. Hope that does not spoil anything.

Edit2: Feels like something is broken. Got inside with two different methods. Sometimes they work, sometimes not. Honestly don’t know anymore what is wrong with this machine.

Is anybody getting Forbidden status code on /c******/m**.**.php ? POST request

Can somebody please tell me how to get into c*******?

What a box, frustrated at first. But actually pretty fun. I repaired the script and got in like that.
PM for hints.

Hi guys, any hints for privesc? I’m currently in w**-d***.

Hello, can someone help me? I found the RCE for c********, but I was not able to exploit it. I tried a simple ping but got no response from the machine. Please DM me to help.
I obtain in every case “you don’t have permission to access /c********/m***.. on this server.” Any tip?

@wohax0r said:

> Hello, can someone help me? I found the RCE for c********, but I was not able to exploit it. I tried a simple ping but got no response from the machine. Please DM me to help.
> I obtain in every case “you don’t have permission to access /c********/m***.. on this server.” Any tip?

Same here. But %20 causes the denied.
Will look again tomorrow

Can someone send me a hint on finding the credentials? I am really confused.

Hey all,

I stumbled upon an executable called Wall and thought it might be related to the box, since they have the same name and its permissions seemed interesting. I spent up to 4 hours trying to exploit it :smiley: until I took a look at my own PC and found the same binary with the same permissions.

I couldn’t find anybody in here speaking about this binary before so I was wondering if this is related to the box or not.

Hope this is not a spoiler of some sort

Spoiler Removed

Rooted.

Hi,
I would like to have help to perform the c****** exploit manually: I understood that I should create sper and configure the m*** bin before triggering it
I also understood why “Wall” …

Would someone help me to have foothold ?

Any hints on how to bypass the waf? pm please

Just completed.
Still do not know what the proper way to find the login page is :slight_smile: Really no clue :slight_smile:
I found it following hints on this forum. Probably need to wait for the write-up to learn how to do it properly.
After finding this page the rest is relatively easy. Some people mentioned WAF, but I did not notice. After getting shell directly to root.

hi, I need help… /c******* LP

hello, got access to c******n, tried different payloads, tried to bypass wall, but it is not working. Can someone DM me to give some hints on the payload?

Need help with bypassing the WAF… Tried almost all the payloads that I can find but always getting 403 when updating the payload. I would appreciate it if someone can DM me a hint for finding/creating the correct payload.
Thanks in advance!

@Luc1f3r1921 said:

> Need help with bypassing the WAF… Tried almost all the payloads that I can find but always getting 403 when updating the payload. I would appreciate it if someone can DM me a hint for finding/creating the correct payload.
> Thanks in advance!

There is a joke in which a man complains at the doctor: “When I touch my shoulder, it really hurts. When I touch my knee - OUCH! When I touch my forehead, it really, really hurts.” “I know what’s wrong with you. You’ve broken your finger!”

You should find the “finger” (maybe more fingers) which is part of all your payloads and substitute it.

ok rooted.

really nice box to learn to get foothold. Didn’t like the PrivEsc, mainly because I did the unintended way I guess. (I guess) Still, just the exploiting part was great.

Hints: Wait for the code to run. I spent 2 days thinking what I was doing wrong because it won’t run.
If you have troubles with the payload, remember IFStatments. (If it’s a spoiler, please remove)

Root and user were easy.

Thanks to @askar for the box and @Ma1ware and @bumika for the hints. They helped a lot.

Need help with bypassing the WAF… I would appreciate it if someone can DM me a hint
Thanks in advance!