Well I finally rooted this box but wouldn’t have been able to do any of it without a lot of patience and nudges along the way from @TazWake and @wxadvisor .
uid=0(root) gid=0(root) groups=0(root)
python -c ‘import pty;pty.spawn(“/bin/bash”)’
root@book:~#
Each stage taught me techniques which I haven’t seen or used but will definitely not forget.
Bypassing the guard on this one has got me stumped. I’ve tried URL, Unicode, octal, hex, string concat, mixed-case, inline comments. Can any nudge me towards the right one please?
finally got around to doing this box… i learned so many new things! already lots of hints so just pm if you need a nudge but tell me what you’ve already done and tried.
I found a special file. Whenever I try to login to the server using that file I get err msg “Connection closed by 10.10.10.176 on port x”. I dont know what to do with that. Any hints?
Hello guys. I found the vulnerability in the admin panel and I exploit it, but when I use my payload nothing happen. I always be redirected to admin login page but It don’t raise the alert box with “Nope” as usual when you fall login. I don’t want to spoil this amazing box so if someone want to help me for understand better what I am doing wrongly please PM and I will explain more better what I did and what happened.
Thank you to @Kevoenos for the link on the initial attack. It was what I was trying, but I was doing it in the wrong place, AND, if doing it at teh same time as other people this part is hard. IF a payload doesn’t work, wait a bit for a reset, and confirm someone else isn’t mucking up the attack. Try not to use a common file of interest to confirm access, use some other file in a directory that will always be there so that you know it was you, and not someone else
I will not say I loved it, because I hit some rabbit holes. The last part was annoying with a capital A but it worked I gave the builder my respect. Keep it up!