Official Inject Discussion

anutrix · March 19, 2023, 11:33pm

It says Inject is under Maintenance.

Occhima · March 19, 2023, 11:50pm

I know that i can get the pom.xml file in the show_image path, but the argument img=pom.xml is not working, any hints?

PostArctic · March 20, 2023, 1:05am

the pom.xml is to help you to enumerate further.
Try to read the content

anutrix · March 20, 2023, 3:25am

Stuck on privilege esc.
I think it’s got something to do with ansible, playbook_1.yml or polkit maybe.

elf1337 · March 20, 2023, 3:40am

The first one

anutrix · March 20, 2023, 4:10am

Rooted and done.

Tip: Instead of directly trying to form reverse shell, try command like touch /tmp/root_test.txt to test if payload works in case the exploit isn’t supposed give response directly.

AndreiPintea · March 20, 2023, 10:18pm

Rooted!
The hints provided in this thread are sufficient to figure this one out.
Fun machine with some new things I wasn’t aware of.
If anyone needs extra help you can send me a PM here or on Discord

Nemox0 · March 21, 2023, 12:22am

Hey guys so I found the exploit… and I was able to touch a file and confirm the exploit works even when the 500 is present. however I cannot for the life of me get echo to push anything into the file for rev shell… please help?

Nemox0 · March 21, 2023, 1:08am

curl and wget not working… box is busted. guess I’ll try again tomorrow

SaintMichael64 · March 21, 2023, 11:48am

Same…ran some limpeas, linenum, lin_exploit_suggester…lot of info

tried some ansible exploits…

searching for this pom.xml file

got user pretty quick but have spent hours trying to root this…great read in this forum for ideas…

eirikr · March 21, 2023, 12:01pm

Hello, Can someone help me with Root ?, i don’t know how get it . (/bin/bash -p) not work. pspy64 only show me /playbook_1_yml. Im newbie

eirikr · March 21, 2023, 12:13pm

Im think too

darshil25 · March 21, 2023, 1:32pm

hey did you manage to get flag. if you need help dm me.

Bu1ar · March 21, 2023, 8:00pm

Anyone got a moment? I think I know what CVE is used to get the user shell, however It does not seem to be working, I think I am doing something wrong. PM me?

zaaap · March 21, 2023, 8:03pm

I truly did find hard time even getting a sens of this machine, I really hope sharing some requirements before exploiting this type of machines as a total beginner

SaintMichael64 · March 22, 2023, 10:34am

Hello. Had a question on this box. I think I have it figured out (root). I am placing the file in the tasks folder. Doesn’t seem to work…the target is letting me put the file in that folder. Do I need to put it in a temp folder? Thank you.

hmznls · March 22, 2023, 10:34am

I have some trouble to get a reverse shell, I have a rce, but cannot have a reverse shell, any hint ?

drysalad · March 22, 2023, 10:54am

Try to put the payload in an executable file. Then execute it.

hmznls · March 22, 2023, 10:59am

Thank you for your help, I already tried using .sh,.php and .py file without success …

Luclis · March 22, 2023, 11:32am

Spy the process who is running when you run you task, it could lead you. If you still have trouble, fell free to dm me.