Canape

Arch1tect · August 8, 2018, 8:59am

Just finished it. Amazing box! If anyone needs a nudge PM me.

NorbaK · August 9, 2018, 10:39am

Just rooted this amazing machine ! All the boxes seems impossible at start but Canape is pure ■■■■ ! It was frustrating to stay for days stuck, but more re-comforting than others at all! If anyone needs help PM me.

SpiderSec775 · August 9, 2018, 11:42am

I have been accessed www which is web directory permission.I need to go deeper to dump both user.txt and root.txt

hagi · August 9, 2018, 2:54pm

Can someone give me a hint regarding the initial pickle situation ? I have a payload that is working locally, but I keep getting 500 errors when I send it to canape using python requests library

gregX01 · August 9, 2018, 3:09pm

Am i missing a port during enumeration?

saad113 · August 11, 2018, 2:15am

I keep getting 500 response ? can someone help me ?

0x23b · August 12, 2018, 9:19pm

Just rooted! Thanks to the author for this great box. It’s my favorite since so far.

The user acces was the whole time just under my hand, but I was too focused on RCE. Rooting is easy once you have user acces.

mcruz · August 12, 2018, 10:34pm

Rooted PM if you need help.

AikiGage · August 15, 2018, 10:34pm

Could really use some help. I can’t get past the 500 Internal Server Error. I have sent my payload directly from Python using Requests but still no luck. Any nudges in the right direction would be greatly appreciated.

wilsonnkwan · August 16, 2018, 8:51am

Rooted, thank you for all the help from my dear friends.

Hints:
For initial foothold, enumerate the machine. May help if you can dump the whole set using some tool by internetwache and try to create a script to exploit against it.
For getting the user after the initial foothold, reach a bit on the db administration on how to add admin users.
For getting the root shell - this is ironically the easiest part, just google.

muditjais · August 17, 2018, 8:23am

unable to get rce… have payload working for ping command

km0xu95 · August 17, 2018, 1:54pm

Unable to get RCE too. Any hint will be apreciated…

muditjais · August 17, 2018, 11:58pm

finally rooted canape… great machine learnt a lotttt…

Neetx · August 18, 2018, 9:11am

@yazid101 said:
pls help , cant copy/clone the repository ?? is that supposed to happen …

I have problems with this step too…

EDIT: python POC works locally, but when I try to use it with the machine I receive error 500
EDIT2: I have initial shell, but now i’m stuck

Djinn45SQL99 · August 19, 2018, 6:39pm

I don’t understand exactly how to run the .git program… maybe I’m in left field but anytime I got anything of github there is a install file or readme to guide you through the building process. I have a feeling I’m way off tho. anybody?

Djinn45SQL99 · August 19, 2018, 6:40pm

iv’e got the Couch on my local server and trying to run the .git from canape in it? what is going on here

Rayhan0x01 · August 20, 2018, 5:45am

Spoiler Removed - Arrexel

km0xu95 · August 20, 2018, 9:38am

Rooted! Fun box and big lessons learnt

InfoSecJack · August 20, 2018, 1:02pm

Can anyone PM me on discord [pain#9033] for a hint about user? I have no idea where to go next

mochan · August 20, 2018, 1:02pm

Any help on enumeration I’ve scanned all TCP Ports but only getting http and ssh ??

PM would be appreciated.

Topic		Replies	Views
Bounty Machines	461	71804	August 9, 2024
Official Zipping Discussion Machines	156	13309	January 9, 2024
Fortune Machines	279	38427	August 2, 2019
Hint for HELP Machines	855	136434	June 16, 2025
Kryptos Machines	109	13174	September 20, 2019

Canape

Related topics