Book

Once you know you can trigger the last step yourself, it makes it all go a bit quicker. I don’t know how many hours I spent waiting… I was also able to get a reverse shell as root even though it is not required to get what you need.

If you are stumped on user or root, send me a DM and I will try to help.

@cyb3rpunk666 said:

Type your comment> @orespan said:

Know what to do to get into admin, found the length required but i can’t get it to work. Anyone kind enough to PM me to check if i got something wrong?
Thank you.

I am having the same problem, I have a feeling that we’re missing something important. but I have a script checking content length of every url I found. So far I got nothing

Any hints are appreciated

Are you sure you are checking the right things - it is a form field you need to focus on.

finally roteed @TazWake Thanx for everything :slight_smile:

pm for hint :slight_smile:

Type your comment> @TazWake said:

@cyb3rpunk666 said:

Type your comment> @orespan said:

Know what to do to get into admin, found the length required but i can’t get it to work. Anyone kind enough to PM me to check if i got something wrong?
Thank you.

I am having the same problem, I have a feeling that we’re missing something important. but I have a script checking content length of every url I found. So far I got nothing

Any hints are appreciated

Are you sure you are checking the right things - it is a form field you need to focus on.

What should we do with field? is it SQL injection ?

Spoiler Removed

Spoiler Removed

*beep *beep finally! Thank you for the assistance to everyone that nudged me, respect has been given (If I haven’t please DM). Thank you to @MrR3boot learned lots of new things.

Spoiler Removed

Rooted the book and learnt a bunch of things from it. Thank you @MrR3boot for such a cool box !!!

There are sufficient hints already in the forum, so won’t repeat them, but if anyone is stuck with any payload or step, feel free to DM.

Happy to help as always :slight_smile:

Hello, anyone here got this error just before getting the user ?

  • 140507558761664:error:09091064:PEM routines:PEM_read_bio_ex:bad base64 decode:…/crypto/pem/pem_lib.c:929:

Edit : Nevermind i just had to ajuste it

I’m so lost on getting admin panel access. I’ve seen what was in the forums here but I still am at a loss of what to try to get admin access. Can someone pm me please?

Hello, I know what to exploit to get into the admin panel but I can’t figure out how to do it… if anyone can send me any hint :dizzy:

PS: User owned, I was sending my payloads to the wrong place ^^'…

  • Rooted, I think this box was great but other users keep messing with the payloads…

Hello there,
I got problems with the exploit for the root it works but it doesnt write anything neither execute the command i give him, the ‘u’ changes to my user id but nothing else happens.
if anyone is nice enough to hit me with a PM it’s be nice thank you.

@Selcius said:

Hello there,
I got problems with the exploit for the root it works but it doesnt write anything neither execute the command i give him, the ‘u’ changes to my user id but nothing else happens.
if anyone is nice enough to hit me with a PM it’s be nice thank you.

Make sure you use single quotes not backticks.

Type your comment> @TazWake said:

@Selcius said:

Hello there,
I got problems with the exploit for the root it works but it doesnt write anything neither execute the command i give him, the ‘u’ changes to my user id but nothing else happens.
if anyone is nice enough to hit me with a PM it’s be nice thank you.

Make sure you use single quotes not backticks.

I already did that, nothing changes except for the id -u that changes to my id but the payload doesn’t execute

@Selcius said:

I already did that, nothing changes except for the id -u that changes to my id but the payload doesn’t execute

Not sure what you mean by chances to your ID - you dont want that to happen.

Chances are the thing you are pointing it at isn’t changing. Either make sure you modify it after running the exploit or drop me a PM for more specifics.

root@book:~# id && hostname
uid=0(root) gid=0(root) groups=0(root)
book

Big thanks to @TazWake for the crucial pointers.
Great box @MrR3boot ,it really streched my mind haha…

Rooted it FINALLY !
Big thanks to @TazWake for being so patient with me
I really hated the root part, being on a free server and having a race condition sucks i dont know why some people just try to modify your files or even delete them sometimes.

What is the problem with C********* ? It worked but at some point it started to give only 0 bytes files if make a request

NVM, my bad

Done and Dusted! Privesc to root was fun! Thanks to @3LI for the nudge.