Scavenger

@opt1kz said:

Has anyone figured out a way to deal with the extreme slowness of that one particular thing? I got lucky at one point and was able to get a shell up, but the box got reset and now I get nothing but timeout errors.

Literally impossible to move forward because of it and it’s fucking ridiculous.

It’s funny because you don’t need that thing for root.

@sampriti said:

It’s funny because you don’t need that thing for root.

Edit/clarification: I know, but the way I got user felt kind of lame and I wanted to see if I could get a real shell before going for root. Oh, well.

Lots of stuff to look at once you find them… not sure which route to pursue.

@koredump said:
Lots of stuff to look at once you find them… not sure which route to pursue.

Tell me about it. Eyes going square from the insect, feel like I’m missing something but feel like I’ve tried all the avenues… time for a break!

Can anyone here drop some hints about user at least? There are multiple places to dig, not sure where to go :confused:

It looks like I can upload files…but I don’t know where they are going or how to get to them. I’d love a hint or a nudge in the right direction.

I’m trying to enumerate every possible port I get after the initial nmap scan. Fixed the Virtual Host part as well. I’m stuck at this point and unable to move forward. Any nudge or hint would be highly appreciated :slight_smile:

I’m unable to get shell… I cannot make any tcp connection, but the commands work. Any tip appreciated :slight_smile:

I have the user, now I work for the root. :smiley:

Can I access the whs over HTTP? Can see the vulnerability on the backend of the service, tried fuzzing it with a Python script. Wanting to throw sq*ap at it but it only works for HTTP as far as I know.

I’ve seen the vhost for the service but getting the error

@badman89 said:

Can I access the whs over HTTP? Can see the vulnerability on the backend of the service, tried fuzzing it with a Python script. Wanting to throw sq*ap at it but it only works for HTTP as far as I know.

I’ve seen the vhost for the service but getting the error

You don’t really need any tool. That vuln is simple enough to do it on the command line.

@julianjm said:

@badman89 said:

Can I access the whs over HTTP? Can see the vulnerability on the backend of the service, tried fuzzing it with a Python script. Wanting to throw sq*ap at it but it only works for HTTP as far as I know.

I’ve seen the vhost for the service but getting the error

You don’t really need any tool. That vuln is simple enough to do it on the command line.

Got it, thanks.

Is the insect M***s the right way here? I know I can upload but I don’t know if this is configured to disk or database. The xl method doesn’t appear to be valid on the version running.

So far a really engaging box!

So I exploited the vuln and dumped the data, but the info obtained is not useful and I also don’t have any r/w perms. Any small hint is highly appreciated. :slight_smile:

@mpzz said:
So I exploited the vuln and dumped the data, but the info obtained is not useful and I also don’t have any r/w perms. Any small hint is highly appreciated. :slight_smile:

Check the obtained data and redo a step you already did earlier, but with the new data…

I have an RCE but it’s very limited with limited R/W permissions. No reverse shell too, or anything remotely better.

Any tips would be appreciated.

OK, got past the first vuln. So much to look at, can’t seem to find which avenue is the right way to go.

Finally rooted, a box that I did not particularly appreciate especially since she has a lot of rabbits.

Could I get a PM nudge in the right direction for syntax errors with a certain early step?
I can give my notes, just not sure what I’m missing since I’m not too familiar with the method. I keep getting syntax errors no matter what I try, but I can manipulate the output of those errors.

Thanks @jorgemorgado for your nudge in the right direction. I appreciate your help!

Totally lost on this one… trying to S*L inject WH**s but lost there… Can someone PM me on the initial foothold?