Canape

Enumerate more, you probably missed something.

Hi! I need advices about the programmig language utilized for write the Simpson’s Fan Site. PM please! Thanks!

I have an initial shell and some idea on where to go next. anyone who has user.txt up for letting me bounce ideas off of them? or anyone in the same position?

pm me.

Thanks.

trying to get rce but in a pickle , anyone have any ideas to bounce around to get the code working

@illwill said:
trying to get rce but in a pickle , anyone have any ideas to bounce around to get the code working

Send me your code! I am able to execute code, close to reverse shell!

got a reverse shell but the surprise was there is no user.txt, any hints to move forward, I did a lot of enumeration with the limited shell but nothing working till now.

User.txt is found when you pwn user account. You are probably not user yet

I’ve recreated the vulnerability on my local machine. I can get RCE, however, when I try to mimic these same techniques to the HTB machine I’m not getting a shell. Am I approaching this the wrong way? I guess I can look at LFI possibilities, but maybe I’m using a technique that isn’t supported or wrong port.

@sheeets said:
I’ve recreated the vulnerability on my local machine. I can get RCE, however, when I try to mimic these same techniques to the HTB machine I’m not getting a shell. Am I approaching this the wrong way? I guess I can look at LFI possibilities, but maybe I’m using a technique that isn’t supported or wrong port.

Depends on which vuln you’re talking about :slight_smile: PM me if you want

got a reverse shell but > @Laegir said:

User.txt is found when you pwn user account. You are probably not user yet

I know but I was expected to get it after getting the shell.

@elakwah said:
got a reverse shell but > @Laegir said:

User.txt is found when you pwn user account. You are probably not user yet

I know but I was expected to get it after getting the shell.

most of the times when you get a shell from a web server, you have to escalate to user to get the user.txt

Enumerate everything you have access to. Something you need might be stored elsewhere.

I’m loving this machine! The initial foothold was really fun and pretty unique, then the privesc to user was a bit boring. On to root now. We’ll see how it goes!

always getting 500 internal server error can someone guide me on this thing?

Anybody else getting the error “ImportError: No module named posix”?

Hi,

I got a shell but I’m struggling to escalate to the user account. Can I PM anyone what I have so far?

Any help will be much appreciated

Hi
need help when i send my exploit i have error BadPickleGet: 111

@abogaida said:
Hi,

I got a shell but I’m struggling to escalate to the user account. Can I PM anyone what I have so far?

Any help will be much appreciated

NVM, I got it :slight_smile:

can anyone give me the initial steps, can’t get how to enter

Anyone can give me a little nudge? It’s so bizarre