I’m in the admin panel, I understood how the user integrates with admin but I am stuck at RCE… any good hints? The pd* injection with malicious code is not working, or at least I cannot do it.
Not sure you can get an RCE over this. Try thinking about ways you can get it to leak information that you can use to get access. If you google one of the OWASP 10 and the thing you are trying to inject into, there is a blog post which can give you clues. With these clues you can build an attack.
Thanks, I will try it. For the moment the box is crashing, pfffff.
Anyone able to help out with root? I’ve been at it for days. Found the exploit, can trigger it manually but no shell back. I’ve read several articles about different scenarios and uses, asked multiple people for help. I did get responses back but very vague, and I’m just too dumb for this one.
Hi guys, can you give me a nudge?
I have a way to take ‘Admin’ account,
I tried changing the name of my ‘user’ account to standard injections.
I tried uploading malicious .f files as user and then “exporting” as admin (through C*********), nothing so far… and I feel I’m out of ideas.
Don’t focus on the file itself. Think about what you could do in the other fields. It does need a bit of “outside the box” thinking here because it’s an attack you would normally expect to see an information leak in your browser.
But in this case, you need to be creative and think where it might end up.
I’m using a technique that’s supposed to send some information to my server when I generate the c*********** file. Not sure if this is correct. I’m not seeing any connections. If someone could PM me a hint.
I never managed to get it to send data to my local machine like that.
Anyone able to help out with root? I’ve been at it for days. Found the exploit, can trigger it manually but no shell back.
Why do you need it to give you a shell? There are other ways you can make it give you what you need to access the box as a privileged user.
You’re right.
I finally got it today. Thank you … every person on HTB. I hit up everyone, mainly because I needed so much help I didn’t want to annoy one person too much, so I moved on to someone else.
Once I got it I looked at all the files in the home dir and many things became clear. Still have questions though, need to look into this more.
Hated this box while doing it, ■■■■ good job @MrR3boot
Having to race multiple people trying to do the same thing for accessing the admin page is neither a learning nor a pleasurable experience.
More like an exercise in futility.
Finally rooted! Thank you @MrR3boot for all these sleepless nights
It was a really great experience to finally obtain the user flag and then the root one. Learned a few interesting techniques.
Know what to do to get into admin, found the length required but I can’t get it to work. Anyone kind enough to PM me to check if I got something wrong?
Thank you.
I am having the same problem, I have a feeling that we’re missing something important. But I have a script checking the content length of every URL I found. So far I got nothing.
I found that I had to revert the box once or twice to get it to work. For some reason it would work, and then it wouldn’t. After revert it would work again. Too lazy to find out why.