Official Late Discussion

Finally got the first bit done. Successfully uploaded and results received. :slight_smile:

Just to verify:

  1. Nimbus Mono

  2. If you get an error with any part of the code bold it!! (That’s how I got my results)

Finally rooted.

I think I'm just going to stop this for now.

I am already like 150+ SS in and the image format that was working perfectly fine suddenly stopped working, sad :frowning:

Extremely frustrating machine.

And the index of the Popen class keeps on changing, lol

This one took much longer than expected.
For those stuck on the font, I was successful with MS Word. Font used was Consolas.
In Word's font settings go to Advanced. I played around with Scale and Spacing to fix those pesky underscores.

Root is straightforward when using awesome enum (mentioned before); look for things that you can change.

1 Like

Vulnerability of the box is clear. You can just google and find lots of information about that. The annoying part of the box is getting the user. To get user you should adjust your payloads without {} and try to understand which parts of your payload are not readable by the application. Probably you will have some extra spaces and missing "_ _". So after analyzing this, try to change these parts in your payload. Use some different fonts, use the bold option of the font. And when your payload is understandable by the app, add your missing {} part.

After getting the user, just use basic priv esc tools and some continuous process reading thing. You will understand it and get it.

If you have any questions, feel free to ask me.
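Since the thread only hints at the bug class, here is an added example (not code from the thread or from the box) of why an image-to-text service like this one is template-injection prone: it assumes the server renders the OCR output with Jinja2, and replaces the OCR step with a constructed string. It shows the vulnerable pattern (OCR text used as the template source), the corrected pattern (OCR text passed as a template variable with autoescaping), and a simple detection check defenders can run over OCR output.

```python
"""Added example: OCR output rendered as a Jinja2 template vs. as data.
Assumes Jinja2 is installed; the OCR engine is replaced by a constructed string."""
from jinja2 import Environment, BaseLoader

# Constructed stand-in for what an OCR engine might return for an uploaded image.
# The {{ ... }} is the classic probe discussed in the linked SSTI write-up.
OCR_TEXT = "Hello {{ 7 * 7 }} world"


def render_vulnerable(ocr_text: str) -> str:
    """Vulnerable pattern: the untrusted OCR text *is* the template source,
    so any {{ ... }} or {% ... %} present in the image gets evaluated."""
    env = Environment(loader=BaseLoader())
    return env.from_string("<pre>" + ocr_text + "</pre>").render()


def render_safe(ocr_text: str) -> str:
    """Fixed pattern: the template is a fixed string and the OCR text is a
    variable, so Jinja2 treats it as data, and autoescape handles HTML."""
    env = Environment(loader=BaseLoader(), autoescape=True)
    return env.from_string("<pre>{{ text }}</pre>").render(text=ocr_text)


def looks_like_template_injection(ocr_text: str) -> bool:
    """Detection helper: flag OCR output containing Jinja2 delimiters so the
    upload can be logged or rejected before anything renders it."""
    return any(token in ocr_text for token in ("{{", "{%", "{#"))


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(OCR_TEXT))
    print("safe      :", render_safe(OCR_TEXT))
    print("flagged   :", looks_like_template_injection(OCR_TEXT))
```

The vulnerable version prints `Hello 49 world`, while the safe version prints the braces literally, which is the difference a code review of the upload handler should look for.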

500 Internal Server Error on that page when I try to upload an image. Is it just my issue or is it general? I'm in the US Free 1. I'll be glad if someone can check it out.

1 Like

I was able to get /etc/passwd but the other command I cannot get. Have tried over 130 screenshots. Can anyone message me?

Ok! I am absolutely losing my mind here. I've tried all the fonts in GIMP, tried sizes from 36 to 300. Can't manage to find a single one that gets the job done: extra spaces, underscore missing, wrong quotation marks. I've been losing my mind, please someone tell me how you made it work…

Search in Google for “online text tools” Text to image converter. Choose options: font size 46, Monospace, padding 10, PNG format.

Useful site to read

https://www.onsecurity.io/blog/server-side-template-injection-with-jinja2/

Getting the right font, etc. is painful. After frustrating attempts, I noticed that taking screenshots from the Kali terminal (with the Hack font) worked almost flawlessly (I zoomed in to the max). Only the 0 was a bit tricky…
Hope it helps to relieve some frustrations.

happy h!

I need some help understanding how to read files once the vulnerability has been identified. I had tried so many payloads to read the contents of the file but none of them are working.

I have identified the vulnerability, but I'm not getting a way to exploit it. Any hints will be a great help.

I'm with @leo! I tried a thousand times with GIMP, online tools, etc. and had terrible results. Opened vim in a terminal, bumped up the font size to 18, and screenshotted. Got it in two tries after that.

1 Like

I'm a bit frustrated with the privesc which should be “easy”. Found the script and monitored what's happening when a user logs in. I was thinking of hijacking the RxxxxxxxT variable inside the script somehow so I could pipe stuff as the parameter of sxxxxxxl but I'm unsure about the method. Is this the right track or what?

This is probs pretty basic stuff which I’m overthinking once again. I would appreciate a nudge!

Edit. Ok, was definitely overthinking it big time and missed the obvious.
Tip: just because you can't use your regular text editor to edit a file doesn't mean you can't edit it.

1 Like

Can someone give me a hand? I've tried many things without success.

Can I DM you? I wanted to ask something.

You can DM me.

sure!

To everyone who struggles with the font part: I used the Lucida Sans font at 72 pt and it worked.

1 Like

What text editor did you use?

I think my font rendering is entirely fuxx0red.
Can any of you DM me an image that worked for you so I can see if there's some other problem on my end?
I'd appreciate it.