Official Sau Discussion

system · July 8, 2023, 3:00pm

Official discussion thread for Sau. Please do not post any spoilers or big hints.

surfinerd · July 8, 2023, 3:10pm

A shop basket, hmmm…

Paradise_R · July 8, 2023, 3:40pm

My processors cannot calculate how the machine’s name relates to any theme

Jutin · July 8, 2023, 3:51pm

in love with the fact that this box is just named after the creator

get that bread/rep sau

R1D3R · July 8, 2023, 3:51pm

The only connection I see with the machine name is the creator. What makes me think is the avatar…

C4roQu1ntero · July 8, 2023, 6:31pm

The basket

C4roQu1ntero · July 8, 2023, 6:37pm

Rootedn’t

panda08s · July 8, 2023, 6:42pm

Can someone help me with the RCE?

008000 · July 8, 2023, 6:44pm

■■■■

C4roQu1ntero · July 8, 2023, 6:53pm

ChatGPT

panda08s · July 8, 2023, 6:54pm

Pentest GPT

HackermanJosh · July 8, 2023, 6:57pm

“Hey Alexa”

3xpl01t · July 8, 2023, 7:17pm

seriously man look at top 25 section 11 min

lim8en1 · July 8, 2023, 8:05pm

The machine is really easy Some hints:
User: check out the web app and look how to access that what was not accessible at first.
Root: get a good shell access first, after that exploitation is trivial

theazad · July 8, 2023, 8:19pm

Lolali · July 8, 2023, 8:24pm

I dont find anything but i found some docs on an exploit but i am lost in the sauce rn xD

3xpl01t · July 8, 2023, 8:25pm

i found an poc and everything worked what is poc but can’t seem to understand what to do next

JimShoes · July 8, 2023, 8:32pm

I’m in the same boat. Still trying to figure out how to leverage the exploit properly. Got some results though, so it’s a start.

RudeusGreyrat · July 8, 2023, 8:38pm

Same here, I see the attack vector but still looking for the payload

panda08s · July 8, 2023, 8:46pm

The exploit gives me the shell to my computer, I guess it’s because of the zsh, but still in bash it doesn’t work.