User: Most of the replies here have already given more hints than I would have. Identify the vulnerability. Identify the service that is running. Then Google that combination. Try different things. Root: Everything is there for a reason. Identify what it is, what it is running, and how to exploit it.
Hint for User flag: Look for the service used by the application. There are different types of expressions and methods you can use to gain the user flag. Just use all the resources you find in Google with the service and vulnerability type.
stuck on reverse shell. I can execute some commands like ping myself and even get a simple netcat connection, but not interactive. Tried different techniques to bypass banned char block, different java syntax. Any hint about it would be great
You can get a reverse shell in more ways than just executing a reverse shell script. You could try base64 encoding the command and piping that into bash after decoding. You could try uploading a webshell into a webdirectory. You could try uploading a shell script with a reverse shell inside it and executing that.
Some of these options might work, some might not. You will not get further without trying things out.
Hey folks, i am still working on root
I am p.o.'ed - because now that i can ssh in i actually have less privileges than i did with reverse shell.
I know why , but i what i do not yet know if it is important or not.
I am posting because i was only able to get rev shell by uploading a little Elf helper.
I tried other stuff and had no luck.
but upload ; chmod ; listen on your box and the exec the binary - worked for me.
and like i said, that rev shell has more access than ssh-ing into the box as the user.
wish me luck on root
-nonattribution