Can someone PM me on the main website about the XML injection… Uploaded an xml script but I’m getting internal server error, tried curl but to no avail, I have no idea what to do
@drywaterv2 make sure the format is correct, try to upload a XML without malicious payload first. Also, read carefully.
Got user, can someone PM how I should’ve found the place to upload? Did some random guess work. Maybe shouldve ran my buster a bit longer?
@prutz said:
Got user, can someone PM how I should’ve found the place to upload? Did some random guess work. Maybe shouldve ran my buster a bit longer?
I ran dirbuster, gobuster and dirb, there are only 2 directories (f*** and u*****)
@drywaterv2 said:
@prutz said:
Got user, can someone PM how I should’ve found the place to upload? Did some random guess work. Maybe shouldve ran my buster a bit longer?I ran dirbuster, gobuster and dirb, there are only 2 directories (f*** and u*****)
you are ritgh
@prutz said:
@drywaterv2 make sure the format is correct, try to upload a XML without malicious payload first. Also, read carefully.
I have the same problem, i uploaded but the page don’t say if the file load successfull or not. how do you know that is working?
Got root on the box. Thanks @lokori for the interesting challenge. Got stuck for quite a while on the initial entry into the system, but eventually figured it out 
@OroJackson said:
@drywaterv2 said:
@prutz said:
Got user, can someone PM how I should’ve found the place to upload? Did some random guess work. Maybe shouldve ran my buster a bit longer?I ran dirbuster, gobuster and dirb, there are only 2 directories (f*** and u*****)
you are ritgh
@prutz said:
@drywaterv2 make sure the format is correct, try to upload a XML without malicious payload first. Also, read carefully.I have the same problem, i uploaded but the page don’t say if the file load successfull or not. how do you know that is working?
If you upload an XML it will always give the internal server error. You’ve got to look inside the page, but i haven’t found anything useful myself
@drywaterv2 said:
@OroJackson said:
@drywaterv2 said:
@prutz said:
Got user, can someone PM how I should’ve found the place to upload? Did some random guess work. Maybe shouldve ran my buster a bit longer?I ran dirbuster, gobuster and dirb, there are only 2 directories (f*** and u*****)
you are ritgh
@prutz said:
@drywaterv2 make sure the format is correct, try to upload a XML without malicious payload first. Also, read carefully.I have the same problem, i uploaded but the page don’t say if the file load successfull or not. how do you know that is working?
If you upload an XML it will always give the internal server error. You’ve got to look inside the page, but i haven’t found anything useful myself
You need read, was harder for me interpret but know we some help i have a user but i am stuck again.
got root… if you stuck feel free to pm me…
Yeah user.txt was a little hard but priv.esc??!! 
When you start to enumerate files for priv.esc., you realize that there are lots of lots places and users(!) to look and you are saying “wow, hmm what is happening here??”
Lets talk about time machine: I hope that you are not talking about the most basic past tense file at user folders, if it is, i rode that file aproximately 5-10 times, I am suprized about what is he doing again and again…
And also no one is talking about .sh files(not run… ones), I spent my most time about those sh files, and searching about the very known command at that sh files, but always getting authentication errors.
Now I am asking that am I at correct path or I should start all from the beginning?? 
Edit: Answer to my question by myself 
Yes I was at right path but forget about .sh files. I realized that I was also reading that time machine file before getting user.txt. I just didnt think that comment was so much important !!! Yess rooted !!! Thanks to @wilsonnkwan for the hint…
stuck at upload can anyone PM me getting internal server error
■■■! Finally got the initial data exfiltration method.
After spending hours on this. Its just feels great when you figure it out and understand the minute thing that you missed.
If it wasnt for this box, I wouldnt have spent so much time on this vulnerability.
So found the upload method and can browse my results …but cant seem to work out execution of commands …anyone willing to PM me with a syntax nudge.
Finally got root.txt. This was an amazing box. Really learned a lot of things. Pm if anyone needs any hints.
Hello!
I’ve the user.txt… Is a reverse shell needed for get root?
Regards
@SimVirus said:
Hello!
I’ve the user.txt… Is a reverse shell needed for get root?
Regards
If you can read files on a server, what files would be really useful to gain initial foothold?
From there it’s straight forward, lots of people have given some really good hints. Just don’t overthink it.
Can someone PM me a hint for priv esc? Not sure how to proceed…
If you can read files on a server, what files would be really useful to gain initial foothold?
Done! thank you! Now I’m starting with Priv Esc
any hint for 500 internal server error cant able to upload the file
Any hint for xml format? I’m stuck. What I need to see if my xml works? On the inspect element section o where? Im really noob