Canape

Any hint on user.txt? I’ve been trying to make authenticated queries to couchdb.

@MartyV said:
Any hint on user.txt? I’ve been trying to make authenticated queries to couchdb.

hint: What will you do next when you controlled the server and couchdb ?

Any hints on doing RCE? I’ve been hitting 500s because of this “char + quote”. Any hints on this? Please PM

@anikka said:
Any hints on doing RCE? I’ve been hitting 500s because of this “char + quote”. Any hints on this? Please PM

same probleme but withoiut char its works

Same, stuck in char + quote. Escaping \n does not work though. Any hints PM please?

Wow! That was fun. I’m not very experienced with databases, so I learned a LOT! Great box!

@anikka @markopasa @Javox Try different combinations how you can bypass the check.

Can’t root the box. Any nudges on how to use *** or is that a rabbit hole? Please PM

Rooted! Learned so much about this box. :slight_smile:

I would appreciate a PM with any good read related to this exploit if possible.

i am stuck at the begining for 2 days now, i have found 2 ports the http and the ssh, brute-forcing dirs is useless. i can’t find any hint about where the vuln app is, can anyone pm me please

@3ll137hy said:
i am stuck at the begining for 2 days now, i have found 2 ports the http and the ssh, brute-forcing dirs is useless. i can’t find any hint about where the vuln app is, can anyone pm me please

I found nmap operating system scan useful.

a hint on how to escalate to user would be much appreciated.
I have been stuck there for a while, I found a hash and tried to crack but no luck.
I have the repo and been through it all the way but can’t figure it out

NVM got user,
Now to root

Got root and a big lesson learned.

Trying to get root.txt for a couple of days, but can’t make any progress. Could anyone help with nudge please (DM) ?

Rooted.
@aanndd if you want, you can PM me.

tsuller, rooted it today (with a nudge from markopasa). thanks!

@aanndd said:
tsuller, rooted it today (with a nudge from markopasa). thanks!

Awesome! If anybody wants some tip without spoilers, feel free to pm me.

i need a hint to get user shell after getting into the system . i tried many things but with no luck . is it a credentials i need to find or an exploit as i feel i lost my way .