Dev0ops hints

@fasetto said:

@ActivateD said:
If anyone can help me with priv Esc on this box it would be nice. I think I have an idea but don’t know how to look at the past.

You are so close…
Just Google it, you will figure out…

Thank you, I will. I know the application, just need to figure it out.

@Kinjo said:
Hint: (If it’s a spoiler, please remove it)
“Developers sometimes don’t like what they have done, and they make changes…”

Yep yep

Get the user, … trying to get RCE or a reverse shell, but I don’t have any idea. I need a hint, please.

@Ju577Ry If you are sure in the vulnerability but stuck in RCE, try to use different reverse shells.

@rocux I get the user without any RCE or reverse shell, but I don’t think that this method will help me to get an RCE or a reverse shell :confused:

@Ju577Ry there are some important files out there worth looking at other than the user.txt itself.

@rocux so I need to guess the name of the file?

@Ju577Ry No need for guessing. It’s already displayed on purpose.

@rocux maybe dwssap\cte, right?

@Ju577Ry said:
@rocux maybe dwssap\cte, right?

I had sent you a direct message. I hope I didn’t spoil anything without your permission.

I need some help with Priv Esc. I read back in time and I have a key, but I think that I am still missing a piece of information. Can I DM someone?

@hagi said:
I need some help with Priv Esc. I read back in time and I have a key, but I think that I am still missing a piece of information. Can I DM someone?

If you read back on time and you have a Key, you just have to use it now…

thanks @f4d0 I got root yesterday

@hagi said:
thanks @f4d0 I got root yesterday

Great :smiley:

Took me a while to understand this going back to the past but learnt something new. Thanks everyone for the hints.

I need help with this machine, I don’t know how to load an XML payload.

forgot to post, this was a fun machine and was v educational, if you need help feel free to reach out :slight_smile:

@OroJackson said:
I need help with this machine, I don’t know how to load an XML payload.

You can read files with RCE, and find files that can help you to get a shell.

I am able to ping back to my machine. But not able to read the files on the server. Any hints appreciated. Thanks.

@sesha569 said:
I am able to ping back to my machine. But not able to read the files on the server. Any hints appreciated. Thanks.

If you ping back to your machine you have RCE, why don’t you just set a reverse shell?
(I was not able to do RCE, I was just able to read info from the server.)

@f4d0 said:

@sesha569 said:
I am able to ping back to my machine. But not able to read the files on the server. Any hints appreciated. Thanks.

If you ping back to your machine you have RCE, why don’t you just set a reverse shell?
(I was not able to do RCE, I was just able to read info from the server.)

I tried for reverse shell. But it didn’t work.
I am trying to look for the services on the machine.