Aragog

nvm, got it

@owodelta said:
found the OWASP thing mentioned here, but have no idea how to use it.
PM please

This is indeed a tricky one. When I got a nudge, everything became simple, till root. The key thing is how to submit the payload.

@macw141 said:

@owodelta said:
found the OWASP thing mentioned here, but have no idea how to use it.
PM please

This is indeed a tricky one. When I got a nudge, everything became simple, till root. The key thing is how to submit the payload.

I figured out what happens with the content of the files (what happens if you submit it and what is returned),
but cannot get an idea how to move that a step forward.
I need that moment of enlightenment.

@w31rd0 said:

@macw141 said:

@owodelta said:
found the OWASP thing mentioned here, but have no idea how to use it.
PM please

This is indeed a tricky one. When I got a nudge, everything became simple, till root. The key thing is how to submit the payload.

I figured out what happens with the content of the files (what happens if you submit it and what is returned),
but cannot get an idea how to move that a step forward.
I need that moment of enlightenment.

Look what is displayed on the screen. Imagine how the application works and how output changes when you send input. It will quickly become clear how you need to format your payload.

@macw141 said:

@w31rd0 said:

@macw141 said:

@owodelta said:
found the OWASP thing mentioned here, but have no idea how to use it.
PM please

This is indeed a tricky one. When I got a nudge, everything became simple, till root. The key thing is how to submit the payload.

I figured out what happens with the content of the files (what happens if you submit it and what is returned),
but cannot get an idea how to move that a step forward.
I need that moment of enlightenment.

Look what is displayed on the screen. Imagine how the application works and how output changes when you send input. It will quickly become clear how you need to format your payload.

I understood how the initial input is converted and displayed.
The part I am struggling with is how to change the functionality to something else (and if that is possible :stuck_out_tongue: ),
although I haven't done a lot of testing on it yet…

Hey guys,
I have found two files and I have seen the OWASP Top 10, but I don't see any relation. A hint please?

@ska said:
Hey guys,
I have found two files and I have seen the OWASP Top 10, but I don't see any relation. A hint please?

Best advice I’ve seen is what is the format of the t*.* file… and how can you use that with the other one.

@sk2k said:

@ska said:
Hey guys,
I have found two files and I have seen the OWASP Top 10, but I don't see any relation. A hint please?

Best advice I’ve seen is what is the format of the t*.* file… and how can you use that with the other one.

Yes, I have seen that file, and now I have user :sweat_smile: , thanks!

Got RCE. Any pointers to get a shell? SSH creds would be good but can't find anything. Got user names. Is it a brute force on SSH?

@wbbugs said:
Got RCE. Any pointers to get a shell? SSH creds would be good but can't find anything. Got user names. Is it a brute force on SSH?

no need for that.

@wbbugs said:
Got RCE. Any pointers to get a shell? SSH creds would be good but can't find anything. Got user names. Is it a brute force on SSH?

Spent ages trying to figure this out and ended up on the next step early through enum…
So not sure how big a hint this is, but try and ssh manually

Any nudges for getting the other user? I have the first user. I got some hash and found a job which runs, but I cannot do anything from this user and I have no idea how to change to the other.

@w31rd0 said:

@macw141 said:

@w31rd0 said:

@macw141 said:

@owodelta said:
found the OWASP thing mentioned here, but have no idea how to use it.
PM please

This is indeed a tricky one. When I got a nudge, everything became simple, till root. The key thing is how to submit the payload.

I figured out what happens with the content of the files (what happens if you submit it and what is returned),
but cannot get an idea how to move that a step forward.
I need that moment of enlightenment.

Look what is displayed on the screen. Imagine how the application works and how output changes when you send input. It will quickly become clear how you need to format your payload.

I understood how the initial input is converted and displayed.
The part I am struggling with is how to change the functionality to something else (and if that is possible :stuck_out_tongue: ),
although I haven't done a lot of testing on it yet…

I too can see how my input is converted / output but cannot see how to inject anything. Need a steer in the right direction!

@Thun said:
Any nudges for getting the other user? I have the first user. I got some hash and found a job which runs, but I cannot do anything from this user and I have no idea how to change to the other.

If you have shell access, take another look at the services you know are running, and check whether there are any messages left that might give a clue on what to attack.

@dneyed said:

@w31rd0 said:

@macw141 said:

@w31rd0 said:

@macw141 said:

@owodelta said:
found the OWASP thing mentioned here, but have no idea how to use it.
PM please

This is indeed a tricky one. When I got a nudge, everything became simple, till root. The key thing is how to submit the payload.

I figured out what happens with the content of the files (what happens if you submit it and what is returned),
but cannot get an idea how to move that a step forward.
I need that moment of enlightenment.

Look what is displayed on the screen. Imagine how the application works and how output changes when you send input. It will quickly become clear how you need to format your payload.

I understood how the initial input is converted and displayed.
The part I am struggling with is how to change the functionality to something else (and if that is possible :stuck_out_tongue: ),
although I haven't done a lot of testing on it yet…

I too can see how my input is converted / output but cannot see how to inject anything. Need a steer in the right direction!

If you have managed to see the behavior, you will see an extra tab appearing somewhere (I guess you know where).
Then refer to the OWASP Top 10 (that advice is gold, I got user with it).

I think this is my first post. I need a nudge if possible on Privilege Escalation, so please DM me, or tell me if I can DM anyone. I know the directory used, the two scripts running at a specific time, and the command used in one of the scripts and what it does. One of the scripts is related to the blog message and I think it may have an issue. Am I on the correct path? Do I need to be c…f to escalate?

is anyone available to private message to run a few questions by?

Hi there, just p0wned it. The first foothold is easy; the second one is for those who have patience… Here’s a couple of tips:

  1. First-foothold: as someone else said, focus on *. file and **. file, the first one from some service and the second one from another service. Combine them together by reading some OWASP Top-10 vulnerability. No need to perform RCE or shell, you can grab user.txt in no time.

  2. Priv-Esc: have patience.

Good luck!

I can't even get past the first stage. I see the open ports. Ran dirbuster but got nothing.

I just pwned this box yesterday, anyone who needs help with it feel free to PM me :slight_smile: