Stratosphere

theparadox · March 5, 2018, 5:49pm

No forum for this one, might as well make it.

I have done enumeration, and I found an exploit, but I can’t find the exploit name. Can someone pm me and help me?

Thanks,

Raj Baweja

sugitime · March 6, 2018, 5:06am

What do you mean you found the exploit but not the name? PM me the details.

Magavolt · March 6, 2018, 8:35pm

Any thoughts on Priv Esc? i see the thing and know i have to use it, but not sure how…

Magavolt · March 7, 2018, 6:33am

Never mind…

mrflibbleoz · March 7, 2018, 12:53pm

gaaaah been banging my head against a brick wall for a while now and need a clue enumerated to death (usual methods). There is a really obvious exploit that jumps out at you…I have tried this a number of different ways…sploit module, python scripts, manual exploit with no luck. Is this a major red herring?

gash · March 7, 2018, 3:09pm

I am in the same position atm, tried exploit but i won’t work and cannot find another attack vector.

uck084 · March 7, 2018, 4:19pm

I found a username and password, which supposed to login to management Web based GUI , but it doesn’t work and I have no clue what prevents my login! Please PM me if anyone get what I mean and wanna give some clue.

FloptimusCrime · March 7, 2018, 6:26pm

So Ive done enumeration and all the paths that i took ended up being deadends. Can I DM someone for some pointers.

Magavolt · March 7, 2018, 7:56pm

Don’t overlook your enumeration… Sometimes I will overlook stuff that is right in front of me.

mrflibbleoz · March 9, 2018, 2:43am

Still stuck despite a squllion wordlists thrown at it and reviewing contents of every page and contents and an nmap of every port. On the plus side I know a lot more about the Stratosphere :). Can someone provide a clue? Am I wasting my time with wordlists or trying to brute force a particular login?

batou · March 9, 2018, 8:25am

same issue, use dirbuster, try to bruteforce login use default credential but still stuck ;(

RPSUK · March 10, 2018, 11:56am

i too am in the same boat as many of you, have nmap full, have gobusted etc. burp suited it and msfconsoled it, seen a few potential exploits tried msf exploit tried python scripts and a nmap scripts … none of them seem to work…

I feel i am missing something, is this one of those “specific” wordlists type of thing again?

cyb3rwarri0r · March 10, 2018, 3:20pm

you need more “action” gogogo

wr3nch0x1 · March 10, 2018, 5:10pm

HelloWorld make some Action please

MindOverflow42 · March 10, 2018, 6:19pm

Spoiler Removed - Arrexel

MindOverflow42 · March 10, 2018, 6:19pm

can i have some hint for privs esc? Spoiler Removed - Arrexel

Elephant7oast · March 10, 2018, 8:14pm

Spoiler Removed

wr3nch0x1 · March 11, 2018, 10:50am

@Elephant7oast said:
Am I wasting my time trying to bruteforce the login? I have tried almost everything, a small nudge would be great :]

lights camera ( .ACTION )

attl4s · March 12, 2018, 7:29am

Hello! wanted to ask about the tomcat credentials.
I’ve exploited the thing and got RCE, but I have no way to scale to a full shell since the tomcat creds are not working, and they are from the conf file…

Am I missing something? Thanks

DigitalSamurai · March 12, 2018, 6:31pm

Can someone take pity on me and tell me what the heck I’m going wrong trying to get a shell