I would recommend manual exploitation. You can get sqlmap to work, but the exploit isn’t too difficult to do manually.
I’m basically just trying every prestashop exploitation know right now. It’s a long ■■■■ list though.
That isn’t going to work. Look at anything that is custom.
I found the XSS. Is it that?
DM me if you have further questions. Just so that this page doesn’t become a walkthrough.
Finally rooted, thanks for the help @JacobE.
Anyone PM me if stuck, I documented it pretty well on my end.
still struggling for root access
What exactly did you need help with?
Pretty good machine, thanks to @JacobE for the hint about the initial foothold. I would say that this is the trickiest part of all. One small note from me about the PE, if you cant just find the juice in all the other gibberish try to replicate the setup locally and “listen”. PM me if you need some details.
First time around, I got stuck. Second attempt was easy and straight-forward somehow.
Although for root I was lazy and used a well-known framework to exploit instead of wasting 2 hours to introduce typos in every step along the way of putting it all together by hand.
Machine was pretty decent. meowmeowattack’s summary is quite good in getting you aligned.
Initial web checks takes you through a lot of rabbit holes. There are a lot of endpoints and functions shown by general enum. Focus on what you can get by using the site as intended from a guest.
***map does work but you need to specify a depth and where the needle should go. But doing so manually on burp is doable.
From there on lin**** and **py can be used to find stuff that have known vulns for the applications on the box.
Never tried the final privesc before so was interesting. Hacktricks has the info to use.
I’m trying to get a foodhold on this box. Going by this thread, I’m trying to use something that is customizable to return something interesting, but I can’t get the right payload… can someone DM me a hint please?