Official RedPanda Discussion

you can download the app and run locally, observing all changes.
via local testing i noticed i’ve thought too hard. simple exploit works.

Fun box. User part is tricky, root part is really straight forward.

DM me if you need nudges.

6 Likes

I finally got root key. However, I still a little bit do not understand how XXE actually works here. It starts working when XXL is parsed in MainController.java or how? Can anybody help?

Finally I rooted RedPanda. 100% agree with the other guys who said the PE Hard.
My hint for PE : Study a minimun Java Language

Bye
Cuz15

could someone help me with the reverse shell, i’m trying to set up the payload but i’m not getting the “reverse shell”

try this, bro

2 Likes

i was using this site and i got a rce, but the reverse shell does it work ? beceusa i wasn’t getting a reverse shell, i’ve tried with python3, bash…

thanks bro, i’m new to all of this, was looking for any sort of help, you just remined me why i started this, not because it was easy, its a challenge that you should figure out yourself and feel the pride as you accomplish it on your ace

1 Like

try to create a payload using msfvenom. i just created payload for linux (elf) and then executed in terminal. you need just upload this elf file to vulnerable machine and execute it

1 Like

I am facing the same issue right now :frowning:

what i can study to capture root flag ? pls help me, no spoilers.

Stuck on snagging rev shell - I already know a few things, but can’t quite get the payload right. Any nudges in the DMs would be helpful!!

same here

Hackthebox machine webpages not loading when entering IP address into search bar

Guys, I already took the user flag, but I am stuck how to get a reverse shell. Very grateful if someone helps me

pls help me

DONT USE $
try *

kinda off-topic but:
im facing a problem with TLPMAP

when i start enumerating with “tlpmap” it shows me an error " Exiting: ‘bool’ object has no attribute ‘replace’ ". can anyone help me out to solve this error?

as said before it’s an XXE. You can find out where to put the XXE by enumerating the system with for instance pspy64 and move from there

1 Like

This was a fun box, I learned a number of things from it, especially privesc to root.