@gudj4qu3r said: @shadow2Xx, @avoidy and @NicoF2000 maybe you need to get one word from the initial page and do something with it ... If i'm spoiling too much please delete it!
Guys, just like almost every other box, no bruteforcing is required at all. If that's what you've resorted to because you can't find anything else (I know I did), you probably need to enumerate more.
@Skunkfoot said:
Guys, just like almost every other box, no bruteforcing is required at all. If that's what you've resorted to because you can't find anything else (I know I did), you probably need to enumerate more.
Do some research on how to bypass file upload extension filters. Once you figure out what types of files you can upload, the rest should be pretty simple.
@Skunkfoot said:
Do some research on how to bypass file upload extension filters. Once you figure out what types of files you can upload, the rest should be pretty simple.
Yep. Anyway I tested all the techniques with no success
@Skunkfoot said:
Do some research on how to bypass file upload extension filters. Once you figure out what types of files you can upload, the rest should be pretty simple.
Yep. Anyway I tested all the techniques with no success
Comments
Tip: If you're using gobuster enable the following file extensions:
php,txt,htmlwith the-xflag.And as @0x29A said,
common.txtfrom seclists is enoughI have a shell. Does anyone have any hints for finding/getting to the user.txt?
Gods make rules. They don't follow them
Thx Skunkfoot and fjv, i got shell now
@fjv I actually tried it with the extensions + directory 2.3 medium. I will try again with common.txt
Nope nothing... Maybe I oversee something, but I have no clue how to continue
Hmm, I am in the same boat as you.
The only 200 that came back was for index.php...
Same here
i'm stuck on that op***** config
Spoiler Removed - egre55
https://www.hackthebox.eu/profile/58195
Hey Dave, do not know the user.txt ?? can someone PM me how can I find it???
on the same boat. Not sure how to proceed from dave to find user.txt
Perfect hint mate. Thanks a lot.
Maybe you are in the wrong place
I don't know how to approach the login page...i tried bruteforcing, sql injection..nothing worked! Any hints ?
Guys, just like almost every other box, no bruteforcing is required at all. If that's what you've resorted to because you can't find anything else (I know I did), you probably need to enumerate more.
--Skunkfoot
Ok thnx
Brute is my last resort...i'm just stuck 
You have to guess the first folder before running gobuster... then keep enumerating until you find something really exploitable.
I found a login page! Dunno how to proceed from there!
Enumerate more
Don't get tunnel-visioned on the login page
--Skunkfoot
as i did and lost several hours
"lost" is a relative term. Edison discovered 1 million ways to NOT make a lightbulb before he found one that worked. :bleep_bloop:
--Skunkfoot
Anybody on bypass a special upload file ????
Do some research on how to bypass file upload extension filters. Once you figure out what types of files you can upload, the rest should be pretty simple.
--Skunkfoot
Yep. Anyway I tested all the techniques with no success
Any hints on Priv Esc?
I see a couple of leads, but not sure how to utilize them
A hint would be appreciated
OSWE | OSCP | CCNA | PMP
PM.
the one that worked was to steal it from Tesla lol
@n1b1ru Skunkfoot is correct