Done. I was able to bruteforce p**** password, without going the gitea route.
Keep tryingā¦ it took me around 5 or 6 times to get the shellā¦
Spent a whole day in d**** but still canāt get any meaningful result, am I on the right way or is there some other way to exploit it?
Donāt upload the file to the files section. Look at the vulnerability in detail to find the solution.
HELP, Every time i upload my exploit i get a file not found. when I run the POC script I get File Not Found. I follow every example of this vuln, I can find I follow to the tee. In all the example the exploits works, but when i follow along and repeat the steps. I get a FILE NOT FOUND. can any1 tell me y?
can someone help me
IP file path: /home/user/Desktop/payload.zip
Login account
ZIP file download.
File not found.
Finally got root flag after a day. My hint is: Donāt screenshot, export
cant get the root flag cause itās always down and no more restarts for today
this box isnāt good im trying and im waiting from yesterday and the server always gets down. I would have pwned very fast if it wasnt for this, im abadoning this box i list precious time
I try 7 tools with screenshots, image extract and some other strange methods but no way to get the information in clearā¦ Is someone can help me to find the correct tool? Or perhaps just say if I have the good processā¦
I cant get junior user to login using su, i have the right password
I cant get the reverse shell, apparently I am not the only one. Now i know why the rating is so lowā¦
Yeah, iāve been trying like 3 different rev shell attempts and have had no luck. Retried a different VPN setting and everything. Last ditch effort is to use a pwnbox. If no dice there Iāll move on I guess. I even took a peek at a write up just to make sure I was doing it correctly.
So if anyone has any suggestions on a proper uploadā¦
Man I am in the same problem were you able to get a solution?
Couple of vague tips:
Initial Access: Some say itās unauthenticated. Itās not.
Lateral movement: Donāt think too hard on this one.
Root: Use what comes with the tool, donāt try to be fancy and make your own āsetā.
Your password is most likely wrong.
Yeah, unfortunately, I was doing the right things. The box was finicky, and it just worked on one try. Sorry, thatās not much help.
Got it!
Probably the easiest machine
Takes a couple of hours checking for HOW to do some things, but you donāt need to think so much about what to do
Rooted!
The whole process is really simpleā¦ but trial and error easily breaks the machine and it will require many resets.
For the foothold you need to enumerate something, and exploit anything else. Remember the password you find, you will need it more than once.
For the privilege escalation, just remember that taking a screenshot wonāt work