Canape

Trying to get root.txt for a couple of days, but can’t make any progress. Could anyone help with nudge please (DM) ?

Rooted.
@aanndd if you want, you can PM me.

tsuller, rooted it today (with a nudge from markopasa). thanks!

@aanndd said:
tsuller, rooted it today (with a nudge from markopasa). thanks!

Awesome! If anybody wants some tip without spoilers, feel free to pm me.

i need a hint to get user shell after getting into the system . i tried many things but with no luck . is it a credentials i need to find or an exploit as i feel i lost my way .

Enumerate system, look what is running and if you cant use something.

i got admin account on the service , but i can’t execute commands using the exploit . thats why am lost :confused:

never mind i was so stupid XD
for all other people don’t fall to the rabbit hole, there is no rce exploit to get user access .

I came to say that this is an awesome box. On every spot epic! Thanks alot

got shell and trying to escalate… any1 wanna discuss/help PM me.

This is the most fun box ever :slight_smile: Got stable RCE, can run ■■■■ as www user, no user access yet… but this is so fun it doesn’t matter much :slight_smile:

anyone want to give a nudge? My RCE is fine, I can see the machine has something locally that smells of help with privesc to user, but I don’t have the creds really to access it…

Could someone with a foothold PM me? I need a nudge on how to exploit Couch + the link I found in the source code. I’m lost on what to do with it.

@Demosz said:
Could someone with a foothold PM me? I need a nudge on how to exploit Couch + the link I found in the source code. I’m lost on what to do with it.

You need to research a bit more on how the service is working in the background to exploit. If you don’t already have the necessarily files, you may need to enumerate a bit more as well.

@An00byss said:

@Demosz said:
Could someone with a foothold PM me? I need a nudge on how to exploit Couch + the link I found in the source code. I’m lost on what to do with it.

You need to research a bit more on how the service is working in the background to exploit. If you don’t already have the necessarily files, you may need to enumerate a bit more as well.

Sorry, I don’t have user or even a shell yet. I’m still struggling with just understanding what I have. Do you mean enumerate the site directory, or did I accidentally give the impression I have a shell.

Pwned user. This machine is cool af. Feel free to PM me too for nudges too.

Hint, (as seems to be the case often) a stable RCE is almost as useful as a shell – I could get everything to pwning user without a shell. Something that can execute commands and give back output is useful enough in this case.

… and root… Can confirm root is quite easy after pwning user.

i receive UnpicklingError: pickle data was truncated or BadPickcleget 111, I’m stuck. hint?

Spoiler Removed - Arrexel

Finally got shell. Not rooted yet, but I’m happy to nudge people still working on the initial foothold