When certain file is uploaded, just for test sake, seems web server is crashing. Not sure if that is intended behavior, but machine reset is needed.
Someone if could confirm same…
rooted i like the box in the first part
my hints:
-simple enum can you in the place
-you are there take a look what you can do the cve gives issues simulate with burp
-you are there ,limited but there, dont forgot its compromised
-the attacker can come back so think how with everything limited
-you found the way get in dont be shied
-ok stay at home its not safe out
-think how the attacker can gain root he must left a backdoor
hope its not a big spoile
thanks to @TheCyberGeek for hints this guy is geek really
also thanks to @D4nch3n for this box
I uploaded a webshell using the exploit from e*****tdb and the admin credentials but the shell doesn’t seem to respond, I don’t know if I’m getting the upload path wrong or somehow it’s getting deleted, if anyone got the same issue and could help with nudges I would appreciate very much! (I tryied some other things and I think I took the box down :neutral:)
PS: I manage to make uploads manually using burp. but still can’t get much response… At least I now know that the upload is successful since when I try to trigger a reverse shell which daemonise itself I get a common error: "WARNING: Failed to daemonise. This is quite common and not fatal. () " but still no connection. I was also able to upload a file with only the content “test” and it gets succesfully displayed but I can’t make it parse any commands to the system…