Dev0ops hints

Hey @cichy. Thanks I figured out how to read files and gotten some useful info like usernames but not sure where to go from here. Is bruteforcing required after that?

@FFEJ

I don’t know what I can say in public and what will be banned :slight_smile:

Back to the case, if You are able to read filesystem just find this one file in default location You have everything on page after upload

@FFEJ bruteforcing is not required. There might be more than one way to skin a cat, but it doesn’t require arbitrary guesswork or bruteforcing.

My payload seems to be malformed, can anyone PM me about the format of the payload?

Owned… pm if you need

@J3rryBl4nks said:
My payload seems to be malformed, can anyone PM me about the format of the payload?

There must be a father with 3 sons :wink:

Rooted. Nice box @lokori. :+1:

Rooted. Great fun, thanks @lokori !

what exactly am I missing ? did I read too much in the posts ? hint me without spoilers for initial foot hold.

@ph3on1x said:
what exactly am I missing ? did I read too much in the posts ? hint me without spoilers for initial foot hold.

just do not think of the posts.
read information you have from what you found and it will come to you.
initial foothold is pretty simple once you get the idea

It’s the first time I give “hints”, so please remove this post if deemed necessary.

For anyone looking to get hold of the user, I can see at least 2 ways in: one being more popular than the other. So at least 2 methods, 2 different places.

@lokori, “how many ways to skin a cat” to get the user, actually? Are there more than 2 intended methods?

can someone pm me? I think I have a way in but want to bounce an idea off… Can’t say anymore without spoiling.

i got user flag , i want to ask something in method to get shell
please ,anyone can PM me

@Anna said:
i got user flag , i want to ask something in method to get shell
please ,anyone can PM me

Feel free to shoot me a PM if you still have questions.

Got root. PM me for hints that aren’t giveaways.

and rooted. took me quite a while. I suspect someones messing with the files on the box…

canape and this box has similar weakness

can pm me if you need a nudge

This one has me stumped. I don’t even know where to start. I found something that can possibly be a way in but I don’t know where my files end up on the system. Once uploaded I can’t run

There are at least three paths :slight_smile: One of these is totally unintended and I didn’t even realize it before :astonished: DesignOops.