@UserAlpha said:
I got user.txt (without gaining a shell onto the box). Do you require an existing shell to get root or is the information available through xml enough?
Think of ways you can log in to a machine. You don’t have to pop a reverse shell.
Was using the wrong identity file. Thanks - in as low priv user. Time to try to escalate.
Would someone point me in the direction of using the upload syntax? I’ve been playing around with an online validator, but correct syntax/structure in the validator still yields nothing. I cannot seem to get any sort of response other than the Internal Server Error. PMs welcome.
I just rooted this machine tonight after overthinking the path for priv esc. For those of you having problems with it, here are some tips:
Re-read the posts here
Re-read what you have enumerated (files, services, apps)
Read the file again until you see what you have been scrolling past for hours
@lokori thanks for creating this machine! It has been the most rewarding one I have worked on so far. Got to play with a lot of different techniques I haven’t used yet, learned a lot.
I had managed to guess the extension file and I get the callback from “DevOps”, but I can’t read any file from “DevOps”. I have used many payloads, but none of them seems to work.
Please PM
Got user. ■■■. I already learned I shouldn’t take for granted any knowledge I suppose I do know, as I was forced to start from the very beginning of XML tutorials to learn how to do this injection. @lokori, you devil!
Now working on priv esc. Great box. Really nice CTF design!
well… seems this box has got me on the ropes… can’t seem to figure out how to upload without the server error… I’m pretty sure I’ve got the format wrong somehow… need to sleep now, but any hints would be helpful. thx
OK. Got root. @lokori I must say that this was a really fun box, as I was pushed to the borders of madness when I wasn’t able to do anything with that upload. And another point of frustration was privilege escalation, until I realized I can revert what was done.
Thank you for this fun, it spoiled a lot of nice days :D
@L31G0N said:
well… seems this box has got me on the ropes… can’t seem to figure out how to upload without the server error… I’m pretty sure I’ve got the format wrong somehow… need to sleep now, but any hints would be helpful. thx
Just upload the correct format and the correct entity name.
If you get an error, it means you missed something in this format.
ya I prolly overlooked something a bunch of times being tired… been trying to push the limits of my concentration in prep for the OSCP. I’ll take a closer look at the possible formats. thank you for the nudge…
Anybody here to help with the payload… I can upload the injected file… the server doesn’t show the output and also blind injection is not working… any hints pls… ))