Hello, Can someone help me? I found the RCE for c********. but I was not able to exploit it. I tried a simple ping but no response from the machine. Please DM me to help.
I obtain in every case “you don’t have permission to access /c********/m***.. on this server.” any tip?
Same here. But %20 causes the denied.
Will look again tomorrow
I stumbled upon an executable called Wall and thought it might be related to the box, since they have the same name and its permissions seemed interesting. I spent up to 4 hours trying to exploit it untill I took a look at my one PC and found the same binary with the same permissions.
I couldn’t find anybody in here speaking about this binary before so I was wondering if this is related to the box or not.
Hi,
I would like to have help to perform the c****** exploit manually: in understood that I should create sper and configure the m*** bin before triggering it
I also understood why “Wall” …
Just completed.
Still do not know, what is the proper way to find the login page - Really no clue -
I found it following hints on this forum. Need probably wait for write-up to get known, how to do it properly.
After finding this page the rest is relatively easy. Some people mentioned WAF, but I did not notice. After getting shell directly to root.
hello, got access to c******n, tried different payloads, tried to bypass wall, but it is not working. Can someone DM me to give some hints on the payload?
Need help with bypassing the WAF… Tried almost all the payloads that I can find but always getting 403 when updating the payload. I would appreciate if some can DM me a hint for finding/creating the correct payload.
Thanks in advance!
Need help with bypassing the WAF… Tried almost all the payloads that I can find but always getting 403 when updating the payload. I would appreciate if some can DM me a hint for finding/creating the correct payload.
Thanks in advance!
There is a joke in which a man complains at the doctor: “When I touch my shoulder, it really hurts.When I touch my knee - OUCH! When I touch my forehead, it really, really hurts.” “I know what’s wrong with you. You’ve broken your finger!”
You should find the “finger” (maybe more fingers) which is part of all your payloads and substitute it.
really nice box to learn to get foothold. Didn’t like the PrivEsc, mainly because I did the unintended way I guess. (I guess) Still, just the exploiting part was great.
Hints: Wait for the code to run. I spent 2 days thinking what I was doing wrong because it won’t run.
If you have troubles with the payload, remember IFStatments. (If it’s a spoiler, please remove)
Root and user were easy.
Thanks to @askar for the box and @Ma1ware and @bumika for the hints. They helped a lot.
I couldn’t get RCE to work. I found that i should escape some characters and did them. payload uploaded successfully but doesn’t seem to run. Help please…