Official Laboratory Discussion

Can someone give me a little push in the right direction in pm’s?

I am getting 502, anyone else getting the same error?

I've found and registered for g****** and even found a potential RCE but I'm stuck… any hints, pm me, no spoilers. I can tell you what I've done.

You can send me a pm @dutchinho

@Jk3r said:
Anyone have a good article on how to exploit G**** with docker? I have the secret but I'm stuck! Thx

did you find a way where to use those keys???

did you find a way where to use those keys???

Nope, still searching !

Got a foothold and landed on a limited Dr C*****.
Any nudges on how to get user?

@andrenl said:

Got a foothold and landed on a limited Dr C*****.
Any nudges on how to get user?

How did you use the keys? If you can help, please.

Rooted!
Definitely not an easy box. As usual foothold is harder than user and root. 502 error is for sure annoying and distracting.

Set up your own environment and it doesn't have to be via docker. Just a simple standalone VM.
Big thanks to @PrivacyMonk3y

Having trouble creating the payload… I can create files and modify them just fine but can’t reverse

@alphaomega said:

Having trouble creating the payload… I can create files and modify them just fine but can’t reverse

Think about what’s going on when you’re doing the other files.
Break that process down. Can you use the same method it's using?

The poc is using pipes… that’s interesting isn’t it?

@PrivacyMonk3y said:

@alphaomega said:

Having trouble creating the payload… I can create files and modify them just fine but can’t reverse

Think about what’s going on when you’re doing the other files.
Break that process down. Can you use the same method it's using?

The poc is using pipes… that’s interesting isn’t it?

I managed to finally get the g*t user. Not sure what poc is!

Felt like I was on the verge of getting RCE but got so stuck I tried resetting the machine as a last resort, and now only 502 errors like others have mentioned. Is there a trick to getting around those?

Switched VPNs and I’m back in business. Although it doesn’t fix it for anyone on that original VPN.

I can get some file exfiltration, but not much more. Do I need to set up a local G***** instance and poke around it to see what files to take or is that a time waste? Cheers.

EDIT: afaik I can only grab files that the g*****-w** user has perms to view (or one of the g*****-xxxxx users)

@andrenl said:

Got a foothold and landed on a limited Dr C*****.
Any nudges on how to get user?

Hint:
Google basic commands research on G****-r**** C******.
You should think what to do with D *****
if you need something PM

Spoiler Removed

Hi Guys, There must be another trick than using R**** C******.

@mohsinhakak said:

Whoops, GitLab is taking too much time to respond. Been like this for days, any information on how to get rid of this please PM, thanks

Same here, it worked great for me before

Hmm, I leaked the secret, but I can't get r*** to run my payload. I tried adding spaces to remove ='s as 0xc45 suggested but still no luck. Any tips?