I have rooted the box but interested to know if anyone got initial shell without using metasploit ? I found my usual ways of shelling wordpress ( theme template editing or uploading plugin) failed.
I did it without MSF using one of the ways you used. It works
I have rooted the box but interested to know if anyone got initial shell without using metasploit ? I found my usual ways of shelling wordpress ( theme template editing or uploading plugin) failed.
I did it without MSF using one of the ways you used. It works
UPDATE found a workable script on Github.
There is an easier way using one kind of jewel⌠found in the sea
Have managed it 3 ways now but your cryptic clue has me stumped
I have rooted the box but interested to know if anyone got initial shell without using metasploit ? I found my usual ways of shelling wordpress ( theme template editing or uploading plugin) failed.
I did it without MSF using one of the ways you used. It works
UPDATE found a workable script on Github.
There is an easier way using one kind of jewel⌠found in the sea
Have managed it 3 ways now but your cryptic clue has me stumped
Hi,
Box rooted, fun box
Anyone could help me understand how come we were able to get a RCE? This version should not have this vulnerability from my understanding. I donât want to put too much details here to avoid spoiling. If anyone could PM that would be great.
Hi,
Box rooted, fun box
Anyone could help me understand how come we were able to get a RCE? This version should not have this vulnerability from my understanding. I donât want to put too much details here to avoid spoiling. If anyone could PM that would be great.
If you have that account with that level of permissions, you have inherent RCE (by design)
Finally rooted. I learned funny things along the way!
enum: It is right there, just think about what you have. You donât need to spend too much time so donât overthink.
user: itâs a bit hidden but if you enum well you only have to follow the dots
root: pretty original and never heard before. was a bit hard for me since I didnât found many interesting information about this kind of privesc. You will need to enum a bit more and see what can you do.
Finally rooted. I learned funny things along the way!
enum: It is right there, just think about what you have. You donât need to spend too much time so donât overthink.
user: itâs a bit hidden but if you enum well you only have to follow the dots
root: pretty original and never heard before. was a bit hard for me since I didnât found many interesting information about this kind of privesc. You will need to enum a bit more and see what can you do.
Great box and quite testing at times as I still required some nudges to find the way. Thanks to those that helped. Often the answer was right in front of me and although there was nothing particularly hard about this box I just got lost in all the other information.
Foothold is not obvious to me. I have done scans and some enum. Probably just donât know what I should be looking for. Feel free to PM for any nudges. Thanks.
See if you can read any file, the di****** li**** is what you should try and focus on. See every file, maybe not every file is visible directly?
This is doing my head in.
I have logged into the cms. I have tried various pl**ins from the web to get a rs but none worked. I edited a the*me file for a ws which worked but when using it to launch a bash rs nothing happens.
This is doing my head in.
I have logged into the cms. I have tried various pl**ins from the web to get a rs but none worked. I edited a the*me file for a ws which worked but when using it to launch a bash rs nothing happens.
Am I in a rabbit hole?
Nope, try using msf for reverse shell if other things arenât working.
Finally rooted.
I was blind to see the foothold part. It was right in front of me but it took me some time to see it.
User part was enum (like going through everything)
and root part was nice.