Stratosphere

Wow, I was way overthinking it. How did I not see that? Thanks, got user, now to get root!

@EMotion2K18 said:
Wow, I was way overthinking it. How did I not see that? Thanks, got user, now to get root!

And rooted! That was an awesome way to get root, can’t believe that actually worked. Best and most fun box I’ve done so far. Anyone need hints, feel free to PM me.

I’m dirbing and hydraing the ■■■■ out the machine with fairly large wordlists in a true elephant in a china store fashion after earlier attempts didn’t reveal much. So far no success past the frontpage really. Anyone mind telling me if this is the wrong approach? I’ll nmap once again too. I’m still quite n00b and don’t yet have a good understanding of what to look for and which are all the tools and methods I should enumerate with when facing a machine without any prior knowledge.

@osku said:
I’m dirbing and hydraing the ■■■■ out the machine with fairly large wordlists

A fairly large wordlist got me further than the default dirb wordlist… some of the hints posted here make a bit more sense now.

REEE TRY HARDER

@osku said:

@osku said:
I’m dirbing and hydraing the ■■■■ out the machine with fairly large wordlists

A fairly large wordlist got me further than the default dirb wordlist… some of the hints posted here make a bit more sense now.

Found the RCE :) and been looking around and doing ■■■■, can’t get a better foothold to even find the user.txt yet… But I’m liking this so far!

And Mumbai I’m definitely trying harder :)

@scp said:
Kindly someone PM me with some pointers.
I found several .action’s, but I can’t seem to figure out how to get RCE.
I’ve been fuzzing several days without any results.

You get anywhere on this yet?

Any pointers on how to get access to the user that likely has the user.txt? My RCE is fine and stable and I’ve been looking around the filesystem but can’t figure out what would lead to the user creds. I tried a few dicts with hydra to get creds for ssh but without luck yet…

Not sure what to look for :) I have found Mo**** tomcat app and nothing else.

ok, got RCE

I’ve used multiple wordlists to try to get in. I’m not seeing anything besides the login page and the main js. The CVE I found to put something on the server is not working. Getting forbidden errors. What am I missing here?

Is it supposed to give not found on the script after the questions, or somebody deleted it?

It’s supposed to. See what else you can do.

What am I missing here? I have RCE, seeing interesting files, noticed one set of credentials for a service I found early (group of pawners), but it doesn’t work. Do I need to keep looking?

Never mind, feel like an idiot because I didn’t know you could do one-liners with that command. If you get stuck and don’t know what to do, maybe try something else you may have assumed wasn’t useful for anything.

Is someone screwing with files in /root on stratosphere or is something supposed to be not found? Sorry, been asking to PM people but no dice so just posting here because I’ve experienced a lot of screwing around with flags/files lately. Feel free to PM me like I’ve been asking so I don’t have to post any spoilers.

@Malfurion if you are referring to a script - then it is supposed to not be found.

@game0ver said:
@Malfurion if you are referring to a script - then it is supposed to not be found.

Cheers

Without being ‘spoilery’ I have RCE, found what I believe are credentials to a service as per filename, found the service running on a local port, but just not getting access to things stored by that running service after trying various combinations of commands. Any ideas? Thanks

Spoiler Removed - Arrexel