I’ve got some questions about Bounty. I did the box today and successfully got both the user and root flag. However, I had some strange problems with the box that left me puzzled for quite a bit and I’m not really sure how and why they occured.
I’m not entirely sure how open we are allowed to be about (retired) boxes on the forum, so I’ll keep things as vague as possible while still trying to explain the problems I had. Still, if you want to do the box on your own, it might be better to stop reading here
After enumerating the box with nmap and dirbuster, I tried to exploit the file upload functionality that can be found this way. I found a way to bypass the filtering of specific files and was able to upload and execute code on the machine by uploading a specific file type containing scripts (basically in the same way as in the official walkthrough).
And here’s were the problems started:
Sometimes this code execution worked and sometimes it did not. To execute the code, I had to surf to its address on the machine using my browser. I intentionally uploaded very simple code first to understand what is possible. I did this multiple times and somtimes execution worked and sometimes it didn’t, even with the same code. When it didn’t work, the browser kept getting stuck in a loop, i.e. the tab was showing the usual “site is being loaded” circle symbol, but nothing happened. Even though the injected code was just a simple printing of a short string.
After quite some time, I finally managed to get that to work and got a meterpreter shell on the system. I tried some exploits to escalate my privileges, but didn’t get them to work. After I tried for a few hours I felt stuck and had a look at a walkthrough to find a tip. There I saw that I was actually trying to run the correct exploit, but it didn’t work (msfconsole said that the exploit ran, but no session could be created).
Well, after I tried to get this to work for several hours, I finally decided to follow a walkthrough step by step to better understand the process. This finally worked and I got root.
After this, I was motivated to try my initial approach again (which differed a bit from the walkthrough) to see where I went wrong. I restarted the machine and did everything exactly as I did it before following in the walkthrough and suddenly everything worked without any problems.
I have no idea why, though. I actually tried restarting the machine before, but it didn’t help. Actually, after I rooted the machine for the second time, I wanted to try it again for a third time using the same approach… and then I got stuck at the “browser is loading, but nothing is happening” problem again and decided to stop for today.
Does anybody have any ideas or tips what could have been the cause of this? How to circumvent this problem with the file upload exploit? And why the same meterpreter exploit using the same payload worked totally fine twice when it didn’t before?
Thank you in advance!
I’m still new to this and am trying to understand everything as good as I can.
Please let me know if I should provide more details. I can be much more specific about my steps and explain them all in detail, but again, I’m not sure if that is okay here.