Finally got the first bit done. Successfully uploaded and results received.
Just to verify:
Nimbus Mono
If you get an error with any part of the code, bold it!! (That's how I got my results)
Finally rooted.
I think I'll just stop this for now.
I am already like 150+ SS in and the image format that was working perfectly fine suddenly stopped working, sad
Extremely frustrating machine.
And the index of the Popen class keeps on changing, lol
This one took much longer than expected.
For those stuck on the font, I was successful with MS Word. Font used was Consolas.
In Word's font settings go to advanced. I played around with Scale and Spacing to fix those pesky underscores.
Root is straightforward when using awesome enum (mentioned before); look for things that you can change.
The vulnerability of the box is clear. You can just google it and find lots of information about it. The annoying part of the box is getting the user. To get user you should adjust your payloads without {} and try to understand which parts of your payload are not readable by the application. Probably you will have some extra spaces and missing "_ _ ". So after analyzing this, try to change these parts in your payload. Use some different fonts, use the bold option of the font. And when your payload is understandable by the app, add your missing {} part.
After getting the user, just use basic priv esc tools and some continuous process reading thing. You will understand it and get it.
If you have any questions, feel free to ask me.
500 Internal Server Error on that page when I try to upload an image. Is it just my issue or is it general? I'm in the US Free 1. I'll be glad if someone can check it out.
I was able to get /etc/passwd but the other command I cannot get. Have tried over 130 screenshots. Can anyone message me?
Ok! I am absolutely losing my mind here, I've tried all the fonts in GIMP, tried sizes from 36 to 300. Can't manage to find a single one that gets the job done: extra spaces, underscore missing, wrong quotation marks. I've been losing my mind, please someone tell me how you made it work…
Search in Google "online text tools" Text to image converter. Choose options font size 46, Monospace, padding 10, PNG format.
Getting the right font, etc. is painful. After frustrating attempts, I noticed that taking screenshots from the Kali terminal (with Hack font) worked almost flawlessly (I zoomed in to the max). Only the 0 was a bit tricky…
Hope it helps to relieve some frustrations.
happy h!
I need some help understanding how to read files using the vulnerability that has been identified. I have tried so many payloads to read the contents of the file but none of them are working.
I have identified the vulnerability, but am not finding a way to exploit it. Any hints will be a great help.
I'm with @leo! I tried a thousand times with GIMP, online tools, etc. and had terrible results. Opened vim in a terminal, bumped up the font size to 18, and screenshotted. Got it in two tries after that.
I'm a bit frustrated with the privesc which should be "easy". Found the script and monitored what's happening when a user logs in. I was thinking of hijacking the RxxxxxxxT variable inside the script somehow so I could pipe stuff as the parameter of sxxxxxxl but I'm unsure about the method. Is this the right track or what?
This is probs pretty basic stuff which I'm overthinking once again. I would appreciate a nudge!
Edit. Ok, was definitely overthinking it big time and missed the obvious.
Tip: just because you can't use your regular text editor to edit a file doesn't mean you can't edit it.
Can someone give me a hand? I've tried many things without success.
Can I DM you? I wanted to ask something.
You can DM me.
sure!
To everyone who struggles with the font part, I used Lucida Sans font with 72 pt and it worked.
What text editor did you use?
I think my font rendering is entirely fuxx0red.
Can any of you DM me an image that worked for them so I can see if there's some other problem on my end?
I'd appreciate it.