Teacher

Hey just started this discussion. :slight_smile:

This is very annoying
I can’t find anything

a hint, if u have been to uni then u will see it and all first u need is pass then do math quiz

Spoiler Removed - egre55

@Ahm3dH3sham said:
This is very annoying
I can’t find anything

I find way too much, but 99% is useless, haven’t found the 1% yet either

@salute101 said:
a hint, if u have been to uni then u will see it and all first u need is pass then do math quiz

I think I have several things to try ONCE I get creds , that’s what I’m having trouble with , can’t seem to extract any …

I have 14/15 of creds, but cant find 15/15 part :frowning: Some trickery there!

@Laegir said:
I have 14/15 of creds, but cant find 15/15 part :frowning: Some trickery there!

are they valid creds? can you login with them?

I have been searching for creds for a while only have a possible user name

I also am seeing the (most likely) intended vuln, and a potential user, but not sure how to get that users creds. already tried the obvious first name last name, first name initial last name, or just last name, plus all the regular default passwords (admin, password, username) etc. do I need to resort to brute forcing all these possible usernames against a larger list (maybe custom word list)? i always leave brute forcing for last but it seems pretty obvious what the vuln is, just need the creds.

@0xEA31 dude tell us some hints

I got a very small passwordlist. One of them should be the right pass. Just searching for the right user name.

Managed to get low priv shell - hint F12

I managed to find the password “Th4*******”, and it says I need to find the last character. I tried bruteforcing the login using “Gio****” as the username. Am I on the right lines?

@f1ndm3 said:
I managed to find the password “Th4*******”, and it says I need to find the last character. I tried bruteforcing the login using “Gio****” as the username. Am I on the right lines?

Yes.

Has anyone gotten around the “Cannot get the specified dataset…” issue when trying to RCE?

Has anyone gotten around the “Cannot get the specified dataset…” issue when trying to RCE?

I too would LOVE to know how to fix this dataset thing

oh man that was a lame way to get user password. its just a game of hide and seek that doesnt make any real world sense.

hint look at every file on every site. if a file doesnt open when you expect it to, find out why not.

Hint for user - don’t be like me and don’t ignore common things during priv esc
Edit Rooted!

I cannot for the life of me figure out what the username is and it’s probably something very obvious that I’m just not seeing…