I have rooted the box but interested to know if anyone got initial shell without using metasploit ? I found my usual ways of shelling wordpress ( theme template editing or uploading plugin) failed.
I did it without MSF using one of the ways you used. It works
I have rooted the box but interested to know if anyone got initial shell without using metasploit ? I found my usual ways of shelling wordpress ( theme template editing or uploading plugin) failed.
I did it without MSF using one of the ways you used. It works
I have rooted the box but interested to know if anyone got initial shell without using metasploit ? I found my usual ways of shelling wordpress ( theme template editing or uploading plugin) failed.
I did it without MSF using one of the ways you used. It works
UPDATE found a workable script on Github.
There is an easier way using one kind of jewel… found in the sea
I have rooted the box but interested to know if anyone got initial shell without using metasploit ? I found my usual ways of shelling wordpress ( theme template editing or uploading plugin) failed.
I did it without MSF using one of the ways you used. It works
I have rooted the box but interested to know if anyone got initial shell without using metasploit ? I found my usual ways of shelling wordpress ( theme template editing or uploading plugin) failed.
I did it without MSF using one of the ways you used. It works
UPDATE found a workable script on Github.
There is an easier way using one kind of jewel… found in the sea
Have managed it 3 ways now but your cryptic clue has me stumped
I have rooted the box but interested to know if anyone got initial shell without using metasploit ? I found my usual ways of shelling wordpress ( theme template editing or uploading plugin) failed.
I did it without MSF using one of the ways you used. It works
UPDATE found a workable script on Github.
There is an easier way using one kind of jewel… found in the sea
Have managed it 3 ways now but your cryptic clue has me stumped
Hi,
Box rooted, fun box
Anyone could help me understand how come we were able to get a RCE? This version should not have this vulnerability from my understanding. I don’t want to put too much details here to avoid spoiling. If anyone could PM that would be great.
Hi,
Box rooted, fun box
Anyone could help me understand how come we were able to get a RCE? This version should not have this vulnerability from my understanding. I don’t want to put too much details here to avoid spoiling. If anyone could PM that would be great.
If you have that account with that level of permissions, you have inherent RCE (by design)
Finally rooted. I learned funny things along the way!
enum: It is right there, just think about what you have. You don’t need to spend too much time so don’t overthink.
user: it’s a bit hidden but if you enum well you only have to follow the dots
root: pretty original and never heard before. was a bit hard for me since I didn’t found many interesting information about this kind of privesc. You will need to enum a bit more and see what can you do.
Finally rooted. I learned funny things along the way!
enum: It is right there, just think about what you have. You don’t need to spend too much time so don’t overthink.
user: it’s a bit hidden but if you enum well you only have to follow the dots
root: pretty original and never heard before. was a bit hard for me since I didn’t found many interesting information about this kind of privesc. You will need to enum a bit more and see what can you do.
Great box and quite testing at times as I still required some nudges to find the way. Thanks to those that helped. Often the answer was right in front of me and although there was nothing particularly hard about this box I just got lost in all the other information.
Foothold is not obvious to me. I have done scans and some enum. Probably just don’t know what I should be looking for. Feel free to PM for any nudges. Thanks.
See if you can read any file, the di****** li**** is what you should try and focus on. See every file, maybe not every file is visible directly?
This is doing my head in.
I have logged into the cms. I have tried various pl**ins from the web to get a rs but none worked. I edited a the*me file for a ws which worked but when using it to launch a bash rs nothing happens.
This is doing my head in.
I have logged into the cms. I have tried various pl**ins from the web to get a rs but none worked. I edited a the*me file for a ws which worked but when using it to launch a bash rs nothing happens.
Am I in a rabbit hole?
Nope, try using msf for reverse shell if other things aren’t working.