Iāve managed to find the user flag and enumerate the filesystem, but I have no idea how I can get a shell. Any hints would be appreciated.
Type your comment> @rayjolt said:
Iāve managed to find the user flag and enumerate the filesystem, but I have no idea how I can get a shell. Any hints would be appreciated.
You might have overlooked an open port. You can enumerate the configuration file for that service which will give a lot clues for an attack.
Type your comment> @rayjolt said:
Iāve managed to find the user flag and enumerate the filesystem, but I have no idea how I can get a shell. Any hints would be appreciated.
That is the wonderful part in the machine. Try to read some network oriented config files.
@TazWake said:
You might have overlooked an open port. You can enumerate the configuration file for that service which will give a lot clues for an attack.
@gunroot said:
That is the wonderful part in the machine. Try to read some network oriented config files.
Thanks, I found it. Now to work out how to exploit itā¦
Gosh that box is a marathonā¦ i think iām at the very last stage (finally), entering waters that iām not at all comfortable with, but on the other side it would pain me to give up here after all the work.
I would like to ask a specific question about the last step when building the exploit. Maybe somebody like to message me.
EDIT: Okay, not needed any more. I found my mistake
I have an admin cookie and access to /admin/lo+/d++ and /admin/lo+/v+++ but when posting the specified params, I always get a canāt-find-message like ā Canāt find ā¦/ā¦/ā¦/ ā ?
Reset the box twice but still can not enumerate the fs. Someone else stuck here?
Thank you @gunroot
Type your comment> @Maxiquester said:
I have an admin cookie and access to /admin/lo+/d++ and /admin/lo+/v+++ but when posting the specified params, I always get a canāt-find-message like ā Canāt find ā¦/ā¦/ā¦/ ā ?
Reset the box twice but still can not enumerate the fs. Someone else stuck here?
Read the source code clearly. There is more than one end points for separate purposes.
Type your comment> @Maxiquester said:
I have an admin cookie and access to /admin/lo+/d++ and /admin/lo+/v+++ but when posting the specified params, I always get a canāt-find-message like ā Canāt find ā¦/ā¦/ā¦/ ā ?
Reset the box twice but still can not enumerate the fs. Someone else stuck here?Thank you @gunroot
check exactly the path.
I am stuck at the root part. I have found something that I want to forward to my attacking machine. But I canāt figure out how? Any hints?
Spoiler Removed
The command-lines I posted, which have been marked as spoilers, didnāt work anyway. Sorry for creating confusion, I just found out while doing a follow-up on this machine. Try a handfull exfiltration methods. One standard (spoiler?) procedure will work, I promise.
yeah it workedā¦ just didnāt finish on its ownā¦ so spoiler-alert was justified I guess.
Does this box ban outgoing communication? I have RCE. but I canāt ping and curl to my machine.
Edit: I found itās not important.
So I see my favorite syringe tool doesnāt appear to want to workā¦ this is gonna be messy
Edit: I am in pain
Type your comment> @1shikoroK0ishi said:
Does this box ban outgoing communication? I have RCE. but I canāt ping and curl to my machine.
Edit: I found itās not important.
same problem I can do any command like whoami , id and ls
but when use wget,curl, ping and reverse shell didnāt work
any help
I GOT THE QUERY RIGHT HELLLLL YEAAA!!!
*Spoiler Removed*
Anyone willing to help me with the s***d part? I have execution but canāt figure out how to get shell or do it without