Comments
It's time to become a ghoul
I can smell the blood
Twitter: https://twitter.com/0x4242 | Web: http://0x4242.net
nice box
N1Z4M B1N MUH4MM3D
Security researcher From God's own country
waddup? 1000 -7 ?
Don't let the box pwn you!!
Think I found the source of the RCE... But how do I change the "type" to access it... That is the question
defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'"
@Farbs said:
I've done that, it does nothing as far as I know
@EmmaSamms said:
Are you talking about bypassing the upload restrictions?
Do we have to bruteforce to get credentials?
@Collins19008 said:
yes
Any hint on where the uploads go? I'm able to bypass the restrictions - or at least it says so
I've managed to "bypass" the restrictions, but trying to find out where the files "go" after that... I think I'm uploading what I have to in order to get a shell, but not sure where to access it once it "disappears"...
Found it..:D
I also found the s*****.php file, but not exactly sure what I'm supposed to be getting out of it.
@dev17 https://imgur.com/a/RBbTwKy
Am I going to have to have some knowledge of this show, i.e. character names, in order to get creds?
I hope this is not going to require watching the anime in order to guess the credentials.
@ambi said:
Haha, that's what I was worried about...
@Collins19008 said:
I'm curious... but this all seems like that. The box's author's left a movie about that anime, like it's supposed to provide us some imagination about how to guess credentials, so... I don't know, honestly. The machine is very focused on the movie.
I also found s*****.php, not sure what it's getting at...
No need to watch anything for the box
@MinatoTW said:
Where are my file uploads landing? Is that a rabbit hole for the secret art site?
Another +12 hour box?
I don't know what I'm overlooking but where is this upload thing? Can't find anything...
Hoping it is not related to anime...
HTB | Root-Me | PentestIT | OSCP | Social
bruteforcing needed for **in.*** ?
EDIT: never mind
@dev17 said:
Any hint on the uploads path, please?
Look at which files you can upload in that form
@MinatoTW said:
LOOOOOOOOOOOOOOOOOL cough cough
OSCP | TMHC CTF