Foothold: Luckily there are no rabbit holes (at least I didn’t encounter any). I didn’t even use nmap, the target is obvious.
User: Fighting with Eclipse to test locally was the hardest part… I hate that IDE and that language! But testing locally definitely helped with writing an exploit that works. I didn’t use any off-the-shelf script, some experimentation was needed to get everything just right and find the stuff that works.
Root: Too ■■■■ easy. Looks like there are multiple obvious candidates to escalate privileges. No surprises here.
All in all a very nice machine. The user part takes some time but with an evening of reading up on the topic, even I managed to come up with a solution from scratch.
Rooted!! Foothold took me a few hours to figure out. Took a break and revisited it with a fresh mind and had a shell within minutes. Let me know if you’re stuck!
Hi. I found the CVE. After some tweaking (thx to @TazWake) I verified that the exploit is working by pinging myself. But I don’t get a shell working. Tried AllTheThings but no success. Is a reverse shell not the right approach?
Perhaps I’ve been going at this approach so tirelessly I am simply spinning my wheels;
I seem to get a correct reply to my validation request but I don’t see a shell.
When I ask for the file I created (after some syntax tweaking) I finally avoided exception error… only to see no file acted upon on my machine. I always forget if my simple server needs a port assignment when I need to listen via n*, and using the same port for request, file hosting and n* tends to throw me off.
Any nudges are welcome. This one is NOT fun, at least this part.