Need some help with my initial RCE. I’ve got everything working on my local machine (able to send a rev shell and execute whatever command), but when I try it against the target, just about everything fails, but I’m able to ping myself.
If someone could take a look at what I’m sending and tell me why it’s failing, I’d really appreciate it.
EDIT: Disregard…figured it out.
EDIT2: Got it rooted. Very cool machine that’s pretty CTFish but it was an awesome reverse engineering exercise. Here are some hints:
Foothold - Find the interesting script mentioned. Then figure out where it’s vulnerable. I recommend getting it working on your own machine so you can see errors and effects, and then trying it out with simple networking commands on the target. Remember print statements to help out with debugging
User - Fairly simple…pay attention to the files you’re given, and what the script is actually doing to its inputs.
Root - This one was pretty cool…be mega fast and maybe you’ll get some juicy info!