Official Inject Discussion

java · March 16, 2023, 3:36am

Mate I am stuck

grav3m1ndbyte · March 16, 2023, 4:51am

I know you did it, but the gtfo way only needed some typical modification. Nice box indeed.

yhbaby · March 16, 2023, 9:36am

How to get root access？No matter what the machine, getting root access is always the hardest for me

ANoobyNoob · March 16, 2023, 1:39pm

Hi there, I’m trying to get the user flag and I’m looking in the pom.xml file. Is it a CVE or other vuln on dependency that wa have to use ?

Ahl3rs · March 16, 2023, 1:39pm

So after a few days, realized I’m dumb and didn’t traverse far enough to validate if it worked or not. Think I’m on the right track now.

yhbaby · March 16, 2023, 1:46pm

目前来看确实是这样的

ANoobyNoob · March 16, 2023, 3:21pm

Guys I dont find the right CVE to exploit. I searched several times and I found several CVE and exploit but I dont understand how they works What is it please ?

tsookami · March 16, 2023, 3:24pm

try to find a xml file and upload any file to the server.

MFarooqS · March 16, 2023, 3:32pm

can someone help me in root

ImNotRoot · March 16, 2023, 4:02pm

The user flag is on the actual machine, youll find something vulnerable to a nice exploit in the pom.xml. Try searching things you see in there with the word exploit after it.

ImNotRoot · March 16, 2023, 4:02pm

PM me

voxxable · March 16, 2023, 6:30pm

I’ve found the exploit to utilize via config file enumeration but am getting a 500 error upon utilizing it. I’ve tried some different combos and could use a nudge to see if I am on the right track or if there’s something I missed. Thanks!

GoodmanDev · March 16, 2023, 6:41pm

IIRC getting a 500 error is expected, so don’t let that throw you off

arsic · March 16, 2023, 7:23pm

I’v been trying to figure out how to get root. I’ve tried going the gtfo bins route, but not luck, seems that all the SUID files I find aren’t vulnerable, unless I’m missing something? I ran pspy as well but might need a nudge t figure out what process I might be able to take over. Any help or nudges would be appreciated!!

arsic · March 16, 2023, 7:40pm

Could you provide a nudge or hint as to how you got root by chance? I’ve been stuck trying to get it, for me the user and the leaked creds were easy but I can’t quite find how to get root.

ANoobyNoob · March 16, 2023, 9:42pm

I can use the RCE but I can’t do a reverse shell can anyone pm me pls ?

petitzeppelin · March 17, 2023, 6:53pm

Same step for me, newbie too. If someone has some explanations or documentations that I can read(or a specific module in hack the box academy), please share. At this point, I don’t know what terms I have to search in google to move forward into this box. Thanks

Lazaro13 · March 17, 2023, 7:12pm

Yeah bro same. Just needing a clue to continue not the answer at all because there are not the magic.

mrZapp · March 17, 2023, 9:46pm

Hopefully someone has a hint because I’m stuck for a while. Been staring at a found .xml for a while now. Found a few exploits with some google searches with the info from the found file, but none seem to work. I suspect I’m missing something.

tsookami · March 18, 2023, 2:30am

Just rooted it!