Feeling good, got root. Hint for that box: do not assume anything and read more. Try Harder !!!
@dmknght said:
Cannot make RCE work. I used a generator payload from GitHub. Boring is safe
Not sure if you are talking about the initial foothold or a point further along, in the first case check how you are encoding whatever you have. If possible test it locally using whatever you have found and you will be able to see more info on why it is failing. I can’t really post more details here but feel free to message me with any questions about this box and I’ll give whatever hints I can (without spoiling anything of course).
@Ic3M4n said:
@dmknght said:
Cannot make RCE work. I used a generator payload from GitHub. Boring is safe
Not sure if you are talking about the initial foothold or a point further along, in the first case check how you are encoding whatever you have. If possible test it locally using whatever you have found and you will be able to see more info on why it is failing. I can’t really post more details here but feel free to message me with any questions about this box and I’ll give whatever hints I can (without spoiling anything of course).
I think I did not use the right encoder. I did not enumerate the machine and the information for the exploit enough either. I am doing other boxes and I will come back to this box when I feel ready. Thanks for your help.
DM me if you are stuck at priv esc. I want to discuss it.
Is anyone online for a quick private message? I am lost in getting the initial foothold. I would greatly appreciate it if someone could point me in the right direction.
■■■■ it. The comments here only made me more frustrated. It feels like my payload should be working… It is working locally
You get the best value if you make a Python script (PoC) that does the whole process, especially if you are not familiar with Python. It’s easy. You can easily google all you need.
@fingeron said:
■■■■ it. The comments here only made me more frustrated. It feels like my payload should be working… It is working locally
I am stuck where you are. It has something to do with encoding. If I can be more specific when I figure it out without giving it away, I will. The advice I was given was to set up the whole thing locally so that I could test…
Any hint on user.txt? I’ve been trying to make authenticated queries to couchdb.
@MartyV said:
Any hint on user.txt? I’ve been trying to make authenticated queries to couchdb.
Hint: What will you do next when you control the server and couchdb?
Any hints on doing RCE? I’ve been hitting 500s because of this “char + quote”. Any hints on this? Please PM
@anikka said:
Any hints on doing RCE? I’ve been hitting 500s because of this “char + quote”. Any hints on this? Please PM
Same problem, but without char it works.
Same, stuck in char + quote. Escaping \n does not work though. Any hints PM please?
Wow! That was fun. I’m not very experienced with databases, so I learned a LOT! Great box!
Can’t root the box. Any nudges on how to use *** or is that a rabbit hole? Please PM
Rooted! Learned so much about this box.
I would appreciate a PM with any good read related to this exploit if possible.
I have been stuck at the beginning for 2 days now. I have found 2 ports, the http and the ssh, and brute-forcing dirs is useless. I can’t find any hint about where the vuln app is. Can anyone PM me please?
@3ll137hy said:
I have been stuck at the beginning for 2 days now. I have found 2 ports, the http and the ssh, and brute-forcing dirs is useless. I can’t find any hint about where the vuln app is. Can anyone PM me please?
I found the nmap operating system scan useful.