Dev0ops hints

Vex20k · June 14, 2018, 12:06pm

@trodix said:

@Vex20k said:
I got the user, working on root. I got something related to a protocol but I can’t figure out whats missing. Could someone shoot me a PM?

back to the past Marty !

At first I didn’t what people meant by this but I figured it out just now haha. I did get something out of it as well but not sure how to use it to proceed.

FireWatch · June 14, 2018, 2:28pm

I’m stuck at the upload part and know what i need to upload but no clue what to do. Any help?

BobBobbington · June 14, 2018, 2:31pm

I think I have found the correct payload vector, could anyone PM me to help with formatting the payload?

avetamine · June 14, 2018, 2:53pm

@BobBobbington said:
I think I have found the correct payload vector, could anyone PM me to help with formatting the payload?

PM’d

o00o · June 14, 2018, 6:42pm

I have problems with the payload too, someone can help me? (PM)

jugulaire · June 14, 2018, 8:30pm

Stuck on the guessing for the file upload.

Note : I’ve read and use the obvious tips

moscowchill · June 14, 2018, 8:39pm

Some comments have made it pretty obvious as to what is expected

3mrgnc3 · June 14, 2018, 9:23pm

Really enjoyed this one.
Good job @lokori

ninposec · June 14, 2018, 9:54pm

Struggling with priv esc to root - I now the hints on how to go back in time, together with something devops use but can´t make any sense of it - need a nudge maybe I am overcomplicating it, please PM, I need to discuss my findings so far and a nudge will be much appreciated.

imaginarybit · June 15, 2018, 3:38am

Anyone need hits (not answer), just PM me. :lol:

ninposec · June 15, 2018, 4:28pm

Got root… Liked this box ?

lurchman · June 15, 2018, 4:57pm

I’m completely stuck on the web api - I’ve found a couple things and found the source for ****.py but I can’t seem to figure out where to go from here. Any hints appreciated.

lokori · June 15, 2018, 8:15pm

use the source @lurchman . Perhaps google for “exploiting *******” based on what you see there. Internet will tell you many things if you search for known vulnerabilities and flaws in some technology/library/framework/component.

CyberForte · June 17, 2018, 2:57am

Great box @lokori ! I learned a lot about…well you know.

shane2483 · June 17, 2018, 6:05am

Ok so im stuck at the start. Found two pages on the website. Cant upload anything that works… do i need to know about XML coding?

onlyamedic · June 17, 2018, 7:27am

good box. Had a lot of fun doing it.

CyberForte · June 17, 2018, 11:37am

@shane2483 said:
Ok so im stuck at the start. Found two pages on the website. Cant upload anything that works… do i need to know about XML coding?

You don’t need to know a lot about XML but if you’re doing an XML payload I’d say look at some example online and pay attention to the way it should be formatted

B0rN2R00T · June 17, 2018, 11:42am

For initial foothold go through OWASP top 10 2017 they have examples too
For priv esc look what is on box and read about it

godexmachine · June 17, 2018, 9:59pm

Three days “play” with payload. A have some questions. PM me somebody for help!

senorbueno · June 18, 2018, 4:19am

Got root. That was a fun box, took learning new things. PM if you need help.

Topic		Replies	Views
Valentine Machines	539	65142	August 5, 2018
Poison Machines	664	93053	June 14, 2021
DevOps ; What it is going on !!!! Machines dev0ops	14	3300	August 17, 2018
Smasher Machines machines , brainfuck , smasher	1	1555	June 11, 2018
Official Monitors Discussion Machines	73	8698	October 8, 2024

Dev0ops hints

Related topics