Canape

When I run the site locally I get an error: no module named posix. Could this also happen on the remote and that’s why I get the 500 ?

@Nickktr said:
When I run the site locally I get an error: no module named posix. Could this also happen on the remote and that’s why I get the 500 ?

You’re getting a 500 error because your payload is wrong, causing server-side exceptions during your request.

@dyni0x3a said:
getting 500 on RCE, don’t know what I am doing wrong. Working fine on local machine.

500 error code occurs because Python cannot add a string and a number, for example if your RCE is over os.system because it returns the code that the program accomplished

I have RCE via os.system(), I tested it on sample commands: cat, find etc, it works! However when I tried to make a backconnect via nc, /dev/tcp or python script nothing happens. There is no connection (( What am I doing wrong?

I have a shell and am now targeting user.txt. Can anyone PM me please, as I have a question regarding that. Thx!

Beating my head on this… Love it

Got low priv shell, any hints about user.txt?

The machine has no internet connection( Any idea how to load scripts? I tried via nc -l -p 1234 -q 1 > something.zip < /dev/null, but I can’t connect to the machine.

Any tips on getting started with this one? Did the normal stuff, see one port and repo. Per a comment earlier I translated and looked into that but am stuck.

@darkoria research what you found. @SpicyCrack3r put the files in your web directory and do a wget to your ip/file and download that way. Initial foothold was something new and kind of cool but frustrating, user access was easy once you thought how to do it, and now root, well, root: been enumerating a few hours, think I know what I need but still trying to figure out how to get it.

Trying to get root. Am I in the rabbit hole when playing with p**? NVM got it. This box is interesting.

Anyone to discuss something about the reverse shell?

Could use some help… found the vector. Stuck at creating the payload… how to run multiple commands in the same line for python? Plan is to make initial string comment then payload.

@genxweb said:
@SpicyCrack3r put the files in your web directory and do a wget to your ip/file and download that way.

thx, easy way is gone from my eyes

Advice for the initial foothold:
Try working on it locally first and get something basic working.

Agreed. Guys, this box is somehow refreshing … :) Great time.

I have the app running locally but I still can’t get RCE. When I generate the payload for RCE and the app creates the .p file locally, I try to run it in my own python interpreter with the “vulnerable” library and method I get the following error:

ImportError: No module named os

Running dos2unix on the .p file containing the exploit fixes the issue. I still can’t get RCE b/c I think my exploit is being generated incorrectly (I’m doing it in Kali so I have no idea why dos2unix has an effect) and this in turn isn’t working in the app. If I generate the payload and then execute it in the same script (i.e. non-interactively and bypassing the app altogether) it works fine. This is very frustrating and any help would be appreciated.

@mikekhusid said:
I have the app running locally but I still can’t get RCE. When I generate the payload for RCE and the app creates the .p file locally, I try to run it in my own python interpreter with the “vulnerable” library and method I get the following error:

ImportError: No module named os

Running dos2unix on the .p file containing the exploit fixes the issue. I still can’t get RCE b/c I think my exploit is being generated incorrectly (I’m doing it in Kali so I have no idea why dos2unix has an effect) and this in turn isn’t working in the app. If I generate the payload and then execute it in the same script (i.e. non-interactively and bypassing the app altogether) it works fine. This is very frustrating and any help would be appreciated.

At this very moment I am in exactly the same spot (not with the chars, no need for dos2unix); also, with some modifications I get BadPickleGet: 111. The reason you may have to pass dos2exploit is because you need to understand what format the data is saved to the file in… check cPickle online…

This machine is awesome. I did not make a shell via RCE yet, but I love the way to hack it.

I’ve got a shell since yesterday, quite easy in the end. Now, on my way to impersonate another user to get user.txt … so far, I’m having lots of fun with this one!