Stratosphere

My friend john is quite selfish, does not want to share anything.

@igaralf said:
My friend john is quite selfish, does not want to share anything.

Tell him you’ll play with Hashkiller or Crackstation lol

Spoiler Removed - Arrexel

No need for shell

What should I look for after being able to RCE? I’m really stuck…

So, I’m able to answer all questions of the challenge. Still stuck as, well, you know why. Tried searching different exploits or vulns on the machine. Did not find anything. Will someone light my way?

Yeah, privesc, that mighty thing…

Any hints on how to escalate from challenge? I’ve been exhausting ways to deal with wildcard, env variables or even manipulating CLI call for code execution

Hints about path finding? Tried with every combination of extensions (.a****,.d*) but still no luck …

Can’t find any action, can someone help out?

I got root yesterday. I learnt. Good machine.

@Randsec said:
I got root yesterday. I learnt. Good machine.

I just got it 2 mins ago, but learned stuff as well along the way

Having trouble with RCE. Found ACTION. Ran multiple exploits vs it. Everything is timing out or err 400. Any help appreciated (PM if possible)

Anyone around for a question on Priv Esc?

@FloptimusCrime said:
The q4 is making me mad. Anyone with leads on this? Please PM me

There’s a specific format that you need to use. Look for a command in john that will list out all available formats.

I got root without solving the puzzle. :smiley:

True :slight_smile:

It’s a bit of a twist.

Ultimately this got me where I wanted to go. I went WAY down the rabbit hole, but learned a lot. Great box

Getting to user was learning about a widespread vulnerability, getting to root was learning (with help) about another vulnerability within a framework. So to pay it forward, you can pm here or on mattermost for nudges. I’d prefer mm as it’s more interactive.

I got command execution RCE, but now I’m stuck, tried reverse shell but I failed. Any hint?

I don’t know if reverse shell is possible in this case. RCE doesn’t automatically lead to reverse shell if the machine doesn’t allow opening outbound connections back to the attacker’s machine. If the machine doesn’t allow incoming traffic on ports you can bind, then you have RCE and have to live without a cool shell access.

(Of course I might be wrong, just got RCE an hour ago or so, but it would appear to be that way. I haven’t exhausted all the possibilities for this.)

Could somebody PM me about a useful wordlist? I have run fuzzdb and seclists. There was no action for me. Also no world greetings =(

Try to use dirbuster-medium wordlist