Web - Server

Friday 26 June 2020, 02:00  #1
Web - Server - Server Side Request Forgery
miss4pple
miss4pple
  • 2 posts

Hi all!

I’m trying to solve the SSRF challenge. Without spoiling it, I could exploit the SSRF to run commands as Apache. But I’m not able to escalate privileges to root to read /passwd.

Is privilege escalation part of the challenge or did I miss something?

Friday 26 June 2020, 23:33  #2
Web - Server - Server Side Request Forgery
Th1b4ud
Th1b4ud
  • 1636 posts

Are you sure of what are you saying ?

Saturday 27 June 2020, 01:13  #3
Web - Server - Server Side Request Forgery
miss4pple
miss4pple
  • 2 posts

Yes, I know it sounds weird considering the words I used... But I was able to leverage the SSRF to get a shell that runs as Apache. I can execute commands, but don’t have the right permissions to get the flag by reading /passwd.

I sent you a DM with more details :)

Saturday 27 June 2020, 12:28  #4
Web - Server - Server Side Request Forgery
maskott
maskott
  • 28 posts

Hello,

I am to interesting in what you deed, can you DM me ?
Also it seems you found something but not the expected one in this challenge

best regards

New reply New reply   New topic New topic