Official Noter Discussion

What a great box this was! :grin:

Foothold
  • Since you can register your own user, the next step is to figure out how to access the web app as a different user. Finding that username is pretty simple: just pay attention to error messages.
User
  • There are hints on the box to get you on the right path. The actual exploit is a known CVE that impacts a script that processes some data that you can control. Read the code and follow the input path.
Root
  • Another known attack to get root. Check what’s running on the box and under which user it’s running, a classic mistake. There’s even a handy exploit that does all the heavy lifting for you.

I really enjoyed each step for this box. It was a lot of fun. Mad props @kavigihan!

PM me (or hit me up on Discord InfosecGreg#1683) if you need any hints.

pwnbox?

You have any luck yet?

Finally rooted it. Just a hint for those of you who ‘can’t open shared library’:

You may need to locate the plugins path and use that instead…

I wasn’t able to get a reverse shell, but I WAS able to cat. And after all the trouble this box has given me, that is good enough.