Official Chemistry Discussion

Fun box. Would have been more fun had I not overthought the thing to death…

Is anyone able to inbox me to give me some help?

anyone able to assist with a foothold?

Sure! DM me

Tried almost every possible payload. But couldn’t get it to work with the CIF file. And regarding that server exploit, the only vulnerability I found was the debug console, which is not relevant to this machine. Am I missing something?

Same here.

How do people find a payload for the file upload?

I tried everything, but I always get an internal server error and no connection for a backdoor.

It took a very, very long time to get a reverse shell…
Reverse shell payload worked when I chose sh instead of bash :wink:

Is it through the file upload vulnerability?

How did you inject the payload into the CIF file?
I’m getting Internal Server Error.

That is what I am getting as well.

Maybe you can upload your payload as a file using known Linux commands.

Are you sure that matters?

Can someone DM a hint for root?
Is it related to the /l***_e***** endpoint on 8080?

Spoiler: Use the payload from busybox, but change the last part to “/bin/bash” since the server is not working with ‘sh’

Yes, dm for help if you need

I made a list of payloads from revshells.com and used Burp Intruder so all possible reverse shells are there. I then used my best friend ChatGPT to filter names and then used Burp Intruder again to view all of them. I don’t even know which payload worked :slight_smile: but I finally got a foothold.

Yeah! One of the shells from revshells.com is working.
The correct file can also be found by searching for the right CVE on the web.
Just combine these two and go further.

I struggled with it too. It turned out you have to follow quite a strict format and take care with the operation order. Look for the example file.
I almost did it but ended up asking for help. You may need to reset the machine if you keep getting errors.

This helped me. I had found that POC and kept trying with the wrong payload. Thank you.