Foothold: Don't believe everything. And Google is your friend. Actually read the errors.
Local: Very basic enum.
root: More basic enum to find the obvious goal. Getting the ball over the finish line takes a bit of studying. The creators of this technology have everything you need.
Hello, I have some trouble with my reverse shell.
The server downloads the "META-/s*/..Factory and snake/**.class but I don't think the payload is running…
Can I have a hint?
Thank you all for your replies, but I didn't need this tool; actually it is used by the only program I can run (don't want to spoil) - line 5 in the import section. So it returns me a "cannot find package" error…
The program you're talking about can definitely be executed. I haven't solved how to get it to do what I want yet, but you should double check…
You can run that program without importing/installing anything. Don't know if the thing it is importing will be useful later, though.
```
id
uid=0(root) gid=0(root) groups=0(root)
```
Very good machine, I have learned a lot in the process to get root. Recommended to find a way to make the m*.w* file "understandable". Any hints PM.
I finally managed to root the machine. I spent a lot of time trying to compile stuff for the root part, but there is an easier solution. If you need any help let me know.
~~I found a sn**yaml payload and tried to get a reverse shell. I added a simple nc in the payload and it can connect to my local PC, but any other reverse payload can't work. I also tried to download the exp to the machine, but when I try to execute it, it doesn't work.~~
Edit: Got the foothold finally; I should use a definite address in the payload. The user is simple to get, working on the root now.
Wondering if anyone could help on foothold. I got past the 500 errors but the reverse shell isn't working. Connects up but can't execute commands. I assume there is a problem with the payload.
Ended up figuring out the payload: had to run two services at once for it to play nice though. User is trivial from there if you explored the site a bit. On to root…
Kinda stuck on the root part. Tried compiling myself, didn't work for some reason. Didn't find the package needed for compiling on the box either. Any help will be appreciated.
Hi, I managed to manipulate the request and I can make the machine download my files, but with every reverse shell I try I don't get the connection. Can you give me any nudge?
I managed to get a simple nc without commands and without the "-e".
From what I can tell so far the YAML parser is at least meant to work. Anyone else getting a blank page with "Due to security reason this feature has been temporarily on hold. We will soon fix the issue!" every time they post something to the Yaml servlet?
Yep
the same here
It worked the last time I tried to get a reverse connection
Hello everyone (finally back on track!)
This machine was really interesting.
Learnt something new.
Everything has already been said.
For foothold, when you think it is not working, think also that there is always a workaround.
Cheers!
Impossible to get that YAML thing functioning :neutral:. Tried to execute system commands but it's not the right way. You need to run a web server on your host to serve files to the attacked URL.
For rooting, I just was enable to use webassembly tools. I found an online web tool that does the same. I thought deploy.sh deployed a WAR to the Tomcat server, but it's simpler than that. Just execute commands with the root account.
Well, that was impossible for me without tutos but I really tried to go ahead. I learned things undoubtedly.
I would say the rating is accurate. I had issues with both foothold and root, but only because I'm stupid. Foothold I could have gotten quicker if my syntax had been correct the first time. Root I could have saved myself two days had I looked at something correctly. I pretty much knew exactly how to get to root once I looked the box over and read everything around me. I even did the steps that would get me to root, but then just missed ONE thing…