Official Inject Discussion

It says Inject is under Maintenance.

I know that i can get the pom.xml file in the show_image path, but the argument img=pom.xml is not working, any hints?

the pom.xml is to help you to enumerate further.
Try to read the content

Stuck on privilege esc.
I think it’s got something to do with ansible, playbook_1.yml or polkit maybe.

The first one

Rooted and done.

Tip: Instead of directly trying to form reverse shell, try command like touch /tmp/root_test.txt to test if payload works in case the exploit isn’t supposed give response directly.

The hints provided in this thread are sufficient to figure this one out.
Fun machine with some new things I wasn’t aware of.
If anyone needs extra help you can send me a PM here or on Discord

Hey guys so I found the exploit… and I was able to touch a file and confirm the exploit works even when the 500 is present. however I cannot for the life of me get echo to push anything into the file for rev shell… please help?

curl and wget not working… box is busted. guess I’ll try again tomorrow

Same…ran some limpeas, linenum, lin_exploit_suggester…lot of info

tried some ansible exploits…

searching for this pom.xml file

got user pretty quick but have spent hours trying to root this…great read in this forum for ideas…

Hello, Can someone help me with Root ?, i don’t know how get it . (/bin/bash -p) not work. pspy64 only show me /playbook_1_yml. Im newbie

Im think too

hey did you manage to get flag. if you need help dm me.

Anyone got a moment? I think I know what CVE is used to get the user shell, however It does not seem to be working, I think I am doing something wrong. PM me?

I truly did find hard time even getting a sens of this machine, I really hope sharing some requirements before exploiting this type of machines as a total beginner

Hello. Had a question on this box. I think I have it figured out (root). I am placing the file in the tasks folder. Doesn’t seem to work…the target is letting me put the file in that folder. Do I need to put it in a temp folder? Thank you.

I have some trouble to get a reverse shell, I have a rce, but cannot have a reverse shell, any hint ?

Try to put the payload in an executable file. Then execute it.

Thank you for your help, I already tried using .sh,.php and .py file without success …

Spy the process who is running when you run you task, it could lead you. If you still have trouble, fell free to dm me.