Finally I have to read a writeup to get the flag… But I was so close to the final result.
Just some points I can’t understand, can someone explain them to me:
Why does the simple whoami not work? Each time the server responds with code 500.
Not sure what you mean by "Why nc is not work to make a reverse shell?" I used a netcat listener, not sure if you mean a netcat listener… The other one, I did not try. I started with a ping request to my machine.
If you download something (while submitting the form), try to use Burp Suite and intercept the POST request. Check what arguments are submitted and how you could use them to your advantage.
My very first root! This one took me way too long, the solution is relatively simple when you’re looking in the right places, but beware of rabbit holes. I probably would have failed without hints from @Nevuer and @Cerv1, many thanks!
Is it possible that there is an article that explains a little how to be able to obtain the user with Burp Suite? I’m not saying precisely this box, but maybe some other vulnerability. Perhaps in the HTB Academy there is some module.
I get an idea from the clues they give about using Burp and the POST method, but I don’t know exactly how to build it and I don’t want to send a DM to get it done. I prefer an article or similar example to get an idea of how I could do it.
I have tried for hours to get rev shell. Syntax must be wrong. I’m to the point now where I am following walkthroughs and STILL cannot get the rev shell to go through properly. Something simple is wrong.
I am so frustrated with this machine… Can someone please help me with whatever my mistake is?