Craft

So having trouble navigating to two subdirectories on this box. Not connecting to *.craft.htb. What am I missing?

I’m so stupid… sorry everybody for my previous comment. I’m at a loss for words.

I am stuck attempting to get an initial foothold. I have found the credentials, can generate a t**** successfully, have found the exploitable e*** in the code but having trouble exploiting it to get a reverse shell. Any tips or pointers would be greatly appreciated.

Rooted.
root@craft:~# id
uid=0(root) gid=0(root) groups=0(root)

Root was so easy.
As I said before, making the initial foothold stable was the most time-consuming part for me.
The rest was so straightforward; just enumeration gives you almost everything.

Feel free to PM me for any help. Just don’t expect a direct solution; I will try to show you the path.

Anybody free to give me some pointers? I’m at my wits end here trying to craft (no pun intended) the exploit… thanks!

Interesting machine. User was pretty cool.

PM if anyone needs some help.

Rooted. It was a really fun box. Had the most trouble on foothold and user.

root@craft:~# id
uid=0(root) gid=0(root) groups=0(root)

PM if you need any help.

I know the e*** is the vuln and where to insert the code but can’t get the freakin thing to work. What is wrong with the syntax?!? Escaped quotes with \ but no dice. What am I doing wrong?

If you have issues getting a reverse shell, do not use curl. Use Burp Suite.

I found the RCE and exploited the e*** function to send a ping back to myself, but I’m having trouble getting a reverse shell. Any tips?

.

@6d6a6c said:

Ah, I was trying it in Burp without success, but I will give that a try. Thanks man.

@NostromoLain said:
I found the RCE and exploited the e*** function to send a ping back to myself, but I’m having trouble getting a reverse shell. Any tips?

Set it all up on your local machine. Two terminals. One with your listener. One executing the reverse shell you want to use in the way you want to use it. Local machine to local machine. You can at least see that it can work. After that you just need to find one that works from the remote machine.

@6d6a6c said:

Set it all up on your local machine. Two terminals. One with your listener. One executing the reverse shell you want to use in the way you want to use it. Local machine to local machine. You can at least see that it can work. After that you just need to find one that works from the remote machine.

Gotcha, thanks again!

Who can help with HTB DNS? I added craft.htb to hosts, but the rest of the subs don’t work.

@sudo4live said:

Who can help with HTB DNS? I added craft.htb to hosts, but the rest of the subs don’t work.

You need to add more entries to your hosts file…

@cerberusec said:

@sudo4live said:

Who can help with HTB DNS? I added craft.htb to hosts, but the rest of the subs don’t work.

You need to add more entries to your hosts file…

With the same IP? Or where can I find gogs IP?

@sudo4live said:

With the same IP?

Try it and see what happens.

@cerberusec said:

@sudo4live said:

With the same IP?

Try it and see what happens.

Wow, thank you - it worked! Probably it checks the referrer to route …

Can someone PM me a clue? I’m user, I’m pretty sure I know the way to get root (v**** o**), and found a command that should grant me root, but the o** I get doesn’t work; I don’t get access. I’m a bit lost.