Official Appsanity Discussion

system · October 28, 2023, 3:00pm

Official discussion thread for Appsanity. Please do not post any spoilers or big hints.

Ceyostar · October 28, 2023, 5:05pm

Another Windows box. hmmm this one has name combination of words app an sanity. This implies this box gonna require to become an expert of app useage. And the man at logo of the box looks like a man who became insane to the point that he lost part of his hair Good luck everyone.

alemusix · October 28, 2023, 5:40pm

This is gonna be fun

Cabano · October 28, 2023, 9:53pm

I liked the avatar

7H31NTR00D3R · October 28, 2023, 10:07pm

its a good picture of what most of us are going to look like after this box.

JimShoes · October 28, 2023, 11:09pm

So far this box isn’t too bad. Good luck everyone!

jecpr636 · October 29, 2023, 9:30am

Ok, so I got user, but I am still confused as to one of the steps. I used port 8080 just out of sheer frustration with nothing else working. Still have no idea why this works…will need to dig into it now I have a shell but if anyone else knows, please DM.

Tips for user: Do your recon - nothing special is required beyond the ordinary (dir and vhost). Be sure to intercept everything, and look for what you can control. Then, see what changes when you play.
Once you are on the app, it is going to be much more playing with functionality. Where can you point links? How is the input/files being filtered? Test it all out and it should be fairly straightforward. Any more detailed hints or specific questions, welcome to DM.

matus · October 29, 2023, 12:50pm

For ppl who have user, does regular msfvenom generated reverse shell work for you? I’m not sure if my shell is not working or whether I’m calling it wrong.

r4yl3x · October 29, 2023, 1:08pm

It doesn’t!!! I wasted about 3 whole fucking hours trying to get a shell with it. Google should provide you one that works.

bannanadjoe · October 29, 2023, 1:43pm

yes works

Ceyostar · October 29, 2023, 2:51pm

People gonna have to visit their office

matus · October 29, 2023, 3:40pm

I’m a bit stuck at getting system on this machine, I think I have the vector, but I’m not sure how to exploit it. Could I pick somebody’s brain over DMs please?

JimShoes · October 29, 2023, 6:30pm

I dunno about prescriptions, but I’ll pour the shots for anyone needing one after all of the digging required to get to admin.

r4yl3x · October 29, 2023, 7:22pm

Any hint from de*doc?

josephalan42 · October 29, 2023, 7:53pm

Okay I sent that aspx bomb to the management what now

Guigui · October 29, 2023, 9:38pm

Hello I search informations for second flag I am on the user shell but I don’t know to find

CrazyHorse302 · October 29, 2023, 9:40pm

I am getting no where fast on this one… can anyone help me with foothold?

7H31NTR00D3R · October 29, 2023, 11:04pm

If anyone can give me a nudge on root i would appreciate it thankyou!

josephalan42 · October 30, 2023, 4:06am

Hello !! Can someone give me a nudge on how to access the modified rev shell after uploading it. Thanks!!

Kayiz · October 30, 2023, 9:06am

Need help for Uploads D** file to get Administrator :3