To get RCE, does the answer payload need to be encoded in a certain way? I've read the blog and watched the video but am lost as to the text that is pasted into the answer box… it appears to be encoded but isn't explained, or maybe it is and I'm too daft to understand it.
No, it does not.
Cannot help you on what that encoded string is, but it seemed to work just fine using the malicious formula.
Hi guys, I found the username g***i and found the password and the extra bit. I have tried multiple combinations, including using a surname as part of the user, but I cannot log in to oe… I just don’t see what I am doing wrong. Any help would be most appreciated… Cheers.
ZAP proxy provides some nice features: logging all HTTP traffic (for further analysis), replaying some requests, indexing the site (following all links to find and log all pages), and searching for strings in logged traffic. Play with it and you will save more time later!
user
If you google correctly and read carefully what is possible, you will get your user.
root
Think about your system in terms of read, write, execute. What can you write, read, execute, and who can do what for you?
It's simple to reproduce the env on our local machine to test more easily.
Root shell is also possible, with a similar technique.
Hayyy guys, I need an explanation. I got user.txt, but for root I found a world-writable directory and an interesting tar file owned by root. I know that wdcd in and sc attack can be used. But to use these methods, do I need to have a SUID program? Am I right or wrong? I’m confused now. PM me. I wanna discuss that.
Hmm … I’m just so close that I'm starting to smell the root flag.
I’m trying to be “wild” … however, the exploit doesn’t work when I’m outside of the folder, but applying the command in the same folder works great … if anyone has an idea please share it with me <3
Update: Got the flag … but didn’t root the machine thanks to @wizlord … however not sure why being wild didn’t work for me to get the shell.
Man … I want to beeotch slap this machine. I have gone wild 7 ways from Sunday and it just won't work for me. @wizlord show me the way. I am sooooo close.