Bounty

Struggling to get the right file to upload, tested loads of file types all resulting in Runtime errors.
A nudge would be great!

Can I ask a question about priv esc? I’m using the right exploit but it doesn’t work

@ghroot said:
Can I ask a question about priv esc? I’m using the right exploit but it doesn’t work

Make sure you are using the right shell architecture. I had problems with an x86 shell running exploits in an x64 system. If it is your case, migrate it to an x64 shell.

I had quite a lot of issues with RCE, but rooting was easy. (:

Edit: Figured it out. A simple Google search with the right terms related to what you’re trying to do (server type, the action you’re performing on the “t” page, etc) will get you started with RCE. Then it’s just a matter of keeping it very, very simple and using tools available on the host.

Big thanks to @wilsonnkwan - I picked up user but my privesc-fu is too weak. I’m going to invest in the HTB membership and work my way through the retirees to gain some experience (while checking out @ippsec when stuck). Thanks all - great forums!

Any hints on which of the retired boxes have similar steps in it that might help with Bounty? PM if you’re open to sharing that info.

I’ve got the RCE but I can’t even cd out of the directory I’m in. Seems like only basic commands work. I’m trying to download stuff from my machine that will allow me to do other stuff but the RCE is really limited. I’ve been at this for a week and it’s driving me crazy! Please DM with a hint.

@opt1kz said:
Edit: Figured it out. A simple Google search with the right terms related to what you’re trying to do (server type, the action you’re performing on the “t” page, etc) will get you started with RCE. Then it’s just a matter of keeping it very, very simple and using tools available on the host.

Any of you guys got a decent extension fuzzing list that you are willing to share … mine is pretty poor.

Edit: Never mind. Rooted.

Anyone willing to shoot me a PM on the privesc? I have a reliable shell but I’m not sure on what to do next.

@opt1kz check the architecture :)

@securityNinja said:
@opt1kz check the architecture :)

It wasn’t an architecture issue, but thanks for responding. Just rooted it.

Going to have to shelve this one for now. Read through every post in this discussion and I’m still not entirely sure what I’m supposed to be looking for in these directories…

Guys, any nudge on getting through the 404 error while doing RCE? Might help a lot or if possible me

@Andromalius said:
Going to have to shelve this one for now. Read through every post in this discussion and I’m still not entirely sure what I’m supposed to be looking for in these directories…

Have you looked at all of the files on the site that you have access to? Give it a go with your enumeration tool of choice and see what you can / cannot access.

Hi,
can anybody give a PM for initial steps?

Anybody can PM about RCE and 500 error

@bradmn I honestly can’t remember anymore, but I’ve gotten a few roots since then. Might have learned enough to see something I missed before.

Looking forward to heading back tomorrow.