Silver IIbeen busy the whole day, but in the end I was able to finish the lab.
Target 1 took me quite a while to find the right exploit and to execute it well :)
Target 2 was in the beginning quite easy to gain initial access, but then I craweled into the world of LD_PRELOAD which helped me not at all :)
and Target 3 was like.. wtf?! then I got a lucky shot and intial access was good and the path continued until success.
Thanks for the funny lab. Hope I don't have to wait too long for March :)
Bronze IIITarget 2 conquered (for me the easiest one, for now). For Target 1 and 3, indeed, I know where to look but I'm having a little trouble finding indeed the right exploit for 1 and see how to “talk” to 3 :).
Interesting Labs!
Silver IITarget1 is to find the right exploit indeed. I needed to find it externally (google) and then copy it to the lab (base64 is your friend).
Target3 you see the hint in another comment :)
Bronze ILate to the party, but already completed all 3 targets!
(Since the cat is already out of the bag... ) steven For future references, you did not have to copy & paste since msf already has a 100% working module >;-)
Silver IIwell true, I liked it the hard way :P
Bronze IIII am very close to giving up :): for Target 1 I have tested several exploits (thoroughly) and I have even read the official documentation of the protocol in question!; nothing, zero ... no matter how hard I try I can't get one step further.
For Target 3 I have also tried to enumerate and test tactics. I am left with the option of uploading a shell (I got the credentials) ... but I would like to think that all this is much, *much*, simpler :).
Anyway, congrats on getting all three tokens!. I'm still at it ^^.
Silver IIdon't give up my friend :) https://github.com/n0b0dyCN/redis-rogue-server will help you on the first one.. and for target 3: jepp, just PUT the shell up and get in...
