Canape

… and root… Can confirm root is quite easy after pwning user.

i receive UnpicklingError: pickle data was truncated or BadPickcleget 111, I’m stuck. hint?

Spoiler Removed - Arrexel

Finally got shell. Not rooted yet, but I’m happy to nudge people still working on the initial foothold

Finally got root. Cool machine, thanks for the hints. If anyone needs a hint, you can PM me.

I have found all that I believe from remote enumeration and I have a few things to track down, but spent a lot of time so far with no luck; currently in a pickle trying to figure it all out. Please PM me if you can help me talk it out?

rooted! learned a lot :slight_smile:

Need some help on getting shell. I understand the exploit, have re-created it on my own machine and have even been able to pop a reverse shell on my own machine but never on Canape.

To everyone stuck at their pickled payload not working when submitted to the site: try using a popular http library for the submission of your pickled code. Copy & pasting the payload from the terminal + bad url encoding fucks up the payload, with the mentioned library it worked flawlessly.

Great box, enjoyed it all the way through lol

Is anyone else receive Bad Request on check endpoint ??

NVM got it :slight_smile:

@bugzy said:
Is anyone else receive Bad Request on check endpoint ??

finally working :slight_smile:

Finally rooted. Feel free to PM me for vague nudges :wink:

rooted!
Need a nudge? PM!

Rooted :slight_smile:
Good and learn many new things
root and user was easy after getting first foothold :wink:

Lost getting the initial foothold. Anybody can give me a nudge??

if some gentle soul is willing to guide me through the cursed valley of the couchdb … I can already look inside but still lost where to look …
pls pm

I need some help for Grammar web challenge

This box was a school !
finally root conquered !

I am feeling stupid for not being able to get the initial foothold… anyone could PM me?