I found that payload thing if you want help PM me
is that s*f file needed for foothold? i tried methods but couldn’t read.
Type your comment> @rezabey said:
is that s*f file needed for foothold? i tried methods but couldn’t read.
@rezabey said:
is that s*f file needed for foothold? i tried methods but couldn’t read.
yes. try the way you typically read files
Type your comment> @menorevs said:
Type your comment> @rezabey said:
is that s*f file needed for foothold? i tried methods but couldn’t read.
@rezabey said:
is that s*f file needed for foothold? i tried methods but couldn’t read.yes. try the way you typically read files
i feel so dumb right now. ty.
Type your comment> @rezabey said:
Type your comment> @menorevs said:
Type your comment> @rezabey said:
is that s*f file needed for foothold? i tried methods but couldn’t read.
@rezabey said:
is that s*f file needed for foothold? i tried methods but couldn’t read.yes. try the way you typically read files
i feel so dumb right now. ty.
Never feel dumb learning!
Rooted, but people, do NOT change original configurations if it is not connected to the exploitation… and especially credentials! There is other people there trying to work at the same time and you waste their time by doing that!
Overall nice box
User: enumerate , m***t and find juicy info that will allow you to login. Then search for public info. Make sure you edit that public info carefully, especially the payload. There is no need of hardcoding any values.
Root: do regular enumeration and you should find something quickly
Is it necessary to change the password for the ***n account? the creds i had were working earlier, anyone seeing this behavior?
Having trouble on payload/POC. Kept it simple, tried more complicated and even tried to trigger manual. Been mindful of formatting, would definitely welcome a nudge.
Type your comment> @bee said:
Having trouble on payload/POC. Kept it simple, tried more complicated and even tried to trigger manual. Been mindful of formatting, would definitely welcome a nudge.
It works as is, just change the File Name to what you want and the string to the parameters, you might want to add a line to print the response content, or see it through Burp.
Can someone help me out with the PoC please? Im able to ping my machine, but everything else i try does not work.
found 2 ways to get root.txt
got it. had a lot of fun on this one. I did have to switch from EU to US and that seemed to help.
Got root. Who wants to share how they did it because I see multiple people say there are several ways to do it?
Did this box completely die? I cant even open port 80 anymore
Finally got root. It was fun. Overall very nice box.
Can someone give me a nudge, I can run commands on target, but my payloads seem to be failing.
Got User! Finally… So for the people struggling with payload:
You must have a writable PATH!
So if you upload anything, provide a detailed path in output. Also, I did two request in order to get a shell back… Hope this helps! and on to the ROOT!!!
the box is unresponsive most of the time 
and neither creds work nor the exploit
@MariaB said:
the box is unresponsive most of the time
Yeah right. Someone’s messing up with the creds. Not working even after a reset
the only thing i get is errno = Connection refused
EDIT:worked, after 100 attempts