Official Feline Discussion

I ve been stuck for hours. Still haven t found the way to execute my uploaded payload. I guess i haven t found the right path with the J*****D. I may need some nudges.

thanks,

Update: Finally got the user flag after many hours of experimenting…LOL thanks @TazWake

@meldancehall said:

I ve been stuck for hours. Still haven t found the way to execute my uploaded payload. I guess i haven t found the right path with the J*****D. I may need some nudges.

thanks,

Experimentation helps here.

great box learned some new tools, user was quick but it took a long time and a lot of reading for me to find the path to root.

Ok, I have manged to retrieve file upload path from the server, I have created my s***d ot exploit. I’m aware of the vulnerability and cannot connect back - Can I have a hint what am I doing wrong?

thanks to @TazWake i was able to get the user flag.
thanks to a tip from @gunroot i was able to go further.

thank you @Andres7ll for your patience in helping me figuring out the last steps to root.

respect to @MinatoTW and @MrR3boot for this amazing machine!

Type your comment> @VDoh said:

Ok, I have manged to retrieve file upload path from the server, I have created my s***d ot exploit. I’m aware of the vulnerability and cannot connect back - Can I have a hint what am I doing wrong?

i would gladly help you. just send me a DM with an explanation of what you did so far regarding this machine.

Hello can i mp someone to explain my issue concerning privilege escalation ? I know what to do but I need some explanation !

Thank you :slight_smile:

Type your comment> @OniNephilim said:

Hello can i mp someone to explain my issue concerning privilege escalation ? I know what to do but I need some explanation !

Thank you :slight_smile:

sure! just send me a DM with an explanation of what you did so far and what you think might be the next steps.

Got root. User was harder then root for me. @TazWake, thanks for push at user stage.

Rooted. If you need some help, DM me.

hey guys, could you some nudge on foothold.
(or PM so i can describe what i’ve already did)
Thanks!

Rooted! What a great box!! Thanks @MinatoTW and @MrR3boot !!!

As always, DM if you need a nudge.

Really awesome box!

Finally rooted

Loved the foothold and d***** api parts but I need to demistify the lateral movement part because I’ve just copy pasted my way out of it…

I’ve learnt a lot of things, very amazing box !

Hi everybody! Need some hint to privesc here!

Umm, I got the exploit but whenever i curl to the ip address it is acting weird:

my command:

curl -XGET http://10.10.10.205:8080/

the output I get:

curl: (7) Failed to connect to 10.10.10.205 port 8080: No route to host

@w41l3r said:

Hi everybody! Need some hint to privesc here!

There are two privesc steps - one is to get root in the thing you are in, the other breaks out of it.

@shubhanshu7 said:

Umm, I got the exploit but whenever i curl to the ip address it is acting weird:

my command:

curl -XGET http://10.10.10.205:8080/

the output I get:

curl: (7) Failed to connect to 10.10.10.205 port 8080: No route to host

That error implies your VPN dropped or the server went down.

However, it’s also worth checking which bit of the box you are working on. If this is after you have got the user-flag, you might be trying to hit the wrong place.

Type your comment> @TazWake said:

@shubhanshu7 said:

Umm, I got the exploit but whenever i curl to the ip address it is acting weird:

my command:

curl -XGET http://10.10.10.205:8080/

the output I get:

curl: (7) Failed to connect to 10.10.10.205 port 8080: No route to host

That error implies your VPN dropped or the server went down.

However, it’s also worth checking which bit of the box you are working on. If this is after you have got the user-flag, you might be trying to hit the wrong place.

I was actually starting with the machine today. The ip address seems to be working fine on the browser but whenever I am doing a curl or a wget I get that error.

EDIT: with all other machines it is working just fine but not with this one.

@shubhanshu7 said:

I was actually starting with the machine today. The ip address seems to be working fine on the browser but whenever I am doing a curl or a wget I get that error.

EDIT: with all other machines it is working just fine but not with this one.

OK, can you open it in a browser?