Official Shared Discussion

riboyster · August 21, 2022, 9:31pm

Sqlmap

JacobE · August 21, 2022, 9:32pm

I would recommend manual exploitation. You can get sqlmap to work, but the exploit isn’t too difficult to do manually.

riboyster · August 21, 2022, 9:34pm

I’m basically just trying every prestashop exploitation know right now. It’s a long ■■■■ list though.

JacobE · August 21, 2022, 9:36pm

That isn’t going to work. Look at anything that is custom.

riboyster · August 21, 2022, 9:42pm

I found the XSS. Is it that?

JacobE · August 21, 2022, 9:43pm

No

JacobE · August 21, 2022, 9:44pm

DM me if you have further questions. Just so that this page doesn’t become a walkthrough.

riboyster · August 24, 2022, 9:33am

Finally rooted, thanks for the help @JacobE.

Anyone PM me if stuck, I documented it pretty well on my end.

satya · August 25, 2022, 4:23pm

still struggling for root access

riboyster · August 25, 2022, 7:00pm

What exactly did you need help with?

nullb1te · August 31, 2022, 8:40am

Pretty good machine, thanks to @JacobE for the hint about the initial foothold. I would say that this is the trickiest part of all. One small note from me about the PE, if you cant just find the juice in all the other gibberish try to replicate the setup locally and “listen”. PM me if you need some details.

NoMad · September 21, 2022, 7:32pm

First time around, I got stuck. Second attempt was easy and straight-forward somehow.
Although for root I was lazy and used a well-known framework to exploit instead of wasting 2 hours to introduce typos in every step along the way of putting it all together by hand.

robinas · September 23, 2022, 10:46am

Machine was pretty decent. meowmeowattack’s summary is quite good in getting you aligned.

Initial web checks takes you through a lot of rabbit holes. There are a lot of endpoints and functions shown by general enum. Focus on what you can get by using the site as intended from a guest.

***map does work but you need to specify a depth and where the needle should go. But doing so manually on burp is doable.

From there on lin**** and **py can be used to find stuff that have known vulns for the applications on the box.

Never tried the final privesc before so was interesting. Hacktricks has the info to use.

X90MUL · September 29, 2022, 7:10pm

I’m trying to get a foodhold on this box. Going by this thread, I’m trying to use something that is customizable to return something interesting, but I can’t get the right payload… can someone DM me a hint please?

PwnerSec · October 22, 2022, 6:05am

Rooted! DM me on discord (n3hal#1527) if you need any hint.

Topic		Replies	Views
Official UpDown Discussion Machines	53	6411	February 1, 2023
Official Moderators Discussion Machines	12	2470	October 17, 2022
Official Undetected Discussion Machines	62	5606	June 27, 2022
Official Backdoor Discussion Machines	93	11062	May 30, 2022
Official Driver Discussion Machines	72	9524	May 5, 2022

Official Shared Discussion

Related topics