Sorry - i somehow cant delete this post.
I used KALI VM and making the pinture with paint in windows and then drag-drop into the VM. is it ok this way of working or you are using a smart way?
I personally used LibreOffice Writer.
machine should be renamed to āpatienceā. for me, gimp, monospace(24-36px range), 1.0 kerning, worked. donāt get frustrated if you donāt get it at firstā¦ it took my 71st trial before i got balanced.
what font did you use?
what the upload page says? Can you look up info about that backend technology? Find common vulnerabilities fot that backend and images. RCE is the worst part, but I think I gave u a hint
That doesnt affect, at least for me, I did it that way (gimp tool), but I made a lot of tries
I tried so many times using text2image, but image size and fonts/font sizes that it provides didnt work for me.
hey bud Iām new to this forum and to hacking i need help i found the sub-domain ā¦ and Iām stuck uploading. i tried exif tool with the P***** language payloads and nothingā¦ Please Help!!!
Error occured while processing the image: expected token āend of print statementā, got āintegerā
???
ı didnt remember the font but ı just use kate text editor on my ubuntu box (zoom in and take screenshot)
Foothold: For the RCE to work, as someone suggested, try the payload without the brackets to see if it is recognised correctly. Also having some other characters before and after the payload helps. From there, alter the characters accordingly that are incorrectly recognised.
Root: A little enumeration will get you to root
This kind of image RCE is something that can be real or made only for this use case?
Do we need to use pspy for the privesc ?
Any help???
Error occured while processing the image: āmethod objectā has no attribute āglobals__ā
Thanks, once I got that sorted the rest was pretty straight forward.
Root was a bitā¦āis that it?ā
Size of f___ made my day
Anybody please help me to see the privesc on that box. PE 95% from the awesome script doesnāt put me on the right track. I donāt know how to deal with that. Thank you !
Can anyone help me with this machine. Complete noob here. Got into the upload d***** page but the RCE is really not understandable for me. Tried changing the file extensions and got to some point but no progress.
I can inject 2 numbers and add them, but I canāt make it return a value from the console or a data dump, any clue, forum or something where I can start to study a little more