Official Intense Discussion

I have an admin cookie and access to /admin/lo+/d++ and /admin/lo+/v+++ but when posting the specified params, I always get a can’t-find-message like ’ Can’t find …/…/…/ ’ ?
Reset the box twice but still can not enumerate the fs. Someone else stuck here?

Thank you @gunroot

Type your comment> @Maxiquester said:

I have an admin cookie and access to /admin/lo+/d++ and /admin/lo+/v+++ but when posting the specified params, I always get a can’t-find-message like ’ Can’t find …/…/…/ ’ ?
Reset the box twice but still can not enumerate the fs. Someone else stuck here?

Read the source code clearly. There is more than one end points for separate purposes.

Type your comment> @Maxiquester said:

I have an admin cookie and access to /admin/lo+/d++ and /admin/lo+/v+++ but when posting the specified params, I always get a can’t-find-message like ’ Can’t find …/…/…/ ’ ?
Reset the box twice but still can not enumerate the fs. Someone else stuck here?

Thank you @gunroot

check exactly the path.

I am stuck at the root part. I have found something that I want to forward to my attacking machine. But I can’t figure out how? Any hints?

Spoiler Removed

The command-lines I posted, which have been marked as spoilers, didn’t work anyway. Sorry for creating confusion, I just found out while doing a follow-up on this machine. Try a handfull exfiltration methods. One standard (spoiler?) procedure will work, I promise.

yeah it worked… just didn’t finish on its own… so spoiler-alert was justified I guess.

Does this box ban outgoing communication? I have RCE. but I can’t ping and curl to my machine.

Edit: I found it’s not important.

So I see my favorite syringe tool doesn’t appear to want to work… this is gonna be messy

Edit: I am in pain

Type your comment> @1shikoroK0ishi said:

Does this box ban outgoing communication? I have RCE. but I can’t ping and curl to my machine.

Edit: I found it’s not important.

same problem I can do any command like whoami , id and ls
but when use wget,curl, ping and reverse shell didn’t work

any help

I GOT THE QUERY RIGHT HELLLLL YEAAA!!! :sunglasses:

@LMAY75 said:

I GOT THE QUERY RIGHT HELLLLL YEAAA!!! :sunglasses:

Yayy!!! ??

*Spoiler Removed*

Anyone willing to help me with the s***d part? I have execution but can’t figure out how to get shell or do it without

Finally rooted, but it was really hard.

This doesn’t make sense… the user is prevented from writing over the buffer. Is this a rabbit hole?

Hi, could someone dm why my generated cookie isn’t working I know the attack I need to perform but nothing seems to work.

Type your comment> @mohabaks said:

Hi, could someone dm why my generated cookie isn’t working I know the attack I need to perform but nothing seems to work.

I’m in the same spot… Swear I’m doing everything right and have tried the various options based on the source.

Edit: NVM had it right. silly mistake on my part…


NVM, I first needed to embarrass myself :tired_face: 

Sad to see this box seems to be retiring at the weekend.

It is a hard one, I’d suggest if you hadn’t already made progress on it by now, it probably isn’t worth starting.