Official RedPanda Discussion

Same for me, less priv with ssh than with rev shell, know why too
I’ve identified the process to exploit but don’t know why.
Good luck !

2 Likes

Any tips for the SS**? I think I’ve figured out the language but can’t figure out how to escape filters.

1 Like

Can someone help me with priv esc?

I’ve got further on the PrivEsc after some sleep, but I’m struggling to get this last piece working. I think I know what I need to do, I just can’t figure out how to “execute” it.

EDIT: I can now read files as root, but can’t get any sort of shell. Anyone able to help me out with that?

I found a process, but I don’t know if it’s the right track. Is the ja* file the right track for priv esc?

I tried different approaches but I’m also stuck on privilege escalation

DM me

I guess I’m stuck there too

While I have done the SSTI payload generator, I’m still confused on the difference between a $ and a *. Could someone DM me to help me understand?

I eventually spotted a very obvious way to identify the application framework - Tip: Choose any page and take a closer look at it. Trust me…it’s right in front of you. I’m up to privesc now.

1 Like

Can you write files as root?

I’m interested in this as well. If anyone can explain this that would be awesome.

Hi,
I need a nudge. I see that SSTI works on basic injections such as (77) or #(77). But when I try to use a more sophisticated payload, I have no success. These kinds of methods are new to me, so I am not sure if I am on the right track. Looks like I’m not. Maybe it is part of Spring Boot?

thanks

Any hint on PE? Does it have to do with the /c***** directory?

Hey guys, I’ve tried for hours to get a reverse shell: webshells, reverse with PayloadAllTheThings, but I think I’m stuck. If you guys could help me (via DM or not) that’d be great. Thanks 🙂

DM me

1 Like

User:

  • The page already gives you a hint on injection. While it may be a search bar, could it be another kind of injection? (A lot of people already said the answer in this discussion forum)
  • There is a page to identify the backend. Just google it. Once you know the backend service, google for its cheatsheet.
  • Before testing the cheatsheet, there is something to be added in front. There are two kinds of stuff. One produces a clean output while the other doesn’t. Choose the clean version and complex injection from the cheatsheet should work.

PE:

  • Don’t use SSH to enter the machine. Use a reverse shell as it has more privilege. If you emulate for ways to PE, you will figure out why this is the case.
  • Once you find an interesting J**, you will need knowledge of that language. Understand it to know what to do to exploit the J**.
  • Check out the J** output. What can you usually do if it is the web version? The same thing can be applied to this.

Good luck!

5 Likes

Rooted. PE is not comparable in difficulty to the User, so don’t worry if you are not able to get it quickly. Hint: you need to understand how a specific file is being created.

1 Like

Got user flag. Thanks to sekkabak for the hint! It took me a while to realize that it was all about the STAR. I didn’t even have to Google a lot.

Alright, I was doing my best to not have to post anything, but here I am. I’m on the first part, with the search box. Any time I change a variable the website gives me a white screen. What’s that for? What am I doing wrong? Thanks