Official RedPanda Discussion

JacobE · July 9, 2022, 10:51pm

Some Hints:

User: Most of the replies here have already given more hints than I would have. Identify the vulnerability. Identify the service that is running. Then Google that combination. Try different things.
Root: Everything is there for a reason. Identify what it is, what it is running, and how to exploit it.

Spi3er · July 9, 2022, 11:24pm

Hint for User flag: Look for the service used by the application. There are different types of expressions and methods you can use to gain the user flag. Just use all the resources you find in Google with the service and vulnerability type.

Any hint for root will be good

sodakn · July 10, 2022, 3:34am

Can anyone please give a nudge on privesc?

binho1337 · July 10, 2022, 5:52am

rooted hard priv escalation

XmesutX · July 10, 2022, 9:06am

still stuck on ssti syntax.Any nudge will be acceptable

heilalalei · July 10, 2022, 9:21am

stuck on reverse shell. I can execute some commands like ping myself and even get a simple netcat connection, but not interactive. Tried different techniques to bypass banned char block, different java syntax. Any hint about it would be great

nhocit · July 10, 2022, 9:36am

Using a proper payload and star is the best way to execute it!
Follow this: GitHub - VikasVarshney/ssti-payload: SSTI Payload Generator

XmesutX · July 10, 2022, 9:41am

dude, thanks dude. this is so simple and finally I got rce. thanks for this good hint

wesjones2004 · July 10, 2022, 3:28pm

Issue one command at a time. Piping is not supported.

MrMidnight53 · July 10, 2022, 3:30pm

Im stuck at rev shell. I found that #{7*7} would work kind of but i didnt manage to get the rev shell payload. Plz help

Largoat · July 10, 2022, 4:05pm

I’m stuck here too. Tried all the Rev shells from PayloadAllThethings but no luck

Zosar · July 10, 2022, 4:41pm

Same here, even msfvenom payloads and self-made binaries dont seem to work for me…

JacobE · July 10, 2022, 4:45pm

You can get a reverse shell in more ways than just executing a reverse shell script. You could try base64 encoding the command and piping that into bash after decoding. You could try uploading a webshell into a webdirectory. You could try uploading a shell script with a reverse shell inside it and executing that.

Some of these options might work, some might not. You will not get further without trying things out.

sodakn · July 10, 2022, 5:18pm

Can I dm you about root?

heilalalei · July 10, 2022, 5:28pm

Can I also DM you about privesc?

ARZ101 · July 10, 2022, 6:12pm

Any hint for root ? I kinda know what to do but can’t seem to figure how it can be done

nonattribution · July 10, 2022, 8:24pm

Hey folks, i am still working on root
I am p.o.'ed - because now that i can ssh in i actually have less privileges than i did with reverse shell.
I know why , but i what i do not yet know if it is important or not.
I am posting because i was only able to get rev shell by uploading a little Elf helper.
I tried other stuff and had no luck.
but upload ; chmod ; listen on your box and the exec the binary - worked for me.
and like i said, that rev shell has more access than ssh-ing into the box as the user.
wish me luck on root
-nonattribution

Largoat · July 10, 2022, 8:41pm

This helped. Turns out my issues were syntax issues

binho1337 · July 10, 2022, 8:43pm

sure

binho1337 · July 10, 2022, 8:43pm

sure, send me a message