Hint for Waldo

Well someone’s got to post it :wink: It’s been over 12 hours. Where’s Waldo ?

^^

I found Waldo… where the ■■■■ is root???

I feel like i’m being extra stupid on this one…

@Bear said:
I feel like i’m being extra stupid on this one…

me too :slight_smile:

Stuck on priv esc. Didn’t find any possible path. One thing that makes me think is second interface. Am I on a correct path?

Am I on the right path with the logmanager ?

Anytips for the initial foot hold. I think it is an injection attack but I cant figure it out

@HeiGou - //hat have you tried so far?

pls stop resetting the box ;(

@Bear said:
I feel like i’m being extra stupid on this one…

^^
My feelings exactly. There’s not much to this box, yet, can’t get root.

@HeiGou said:
Anytips for the initial foot hold. I think it is an injection attack but I cant figure it out

same any hint :slight_smile:

I’d appreciate it if anyone could include me on any privesc from M*****r to root

Nevermind , got root ^^

Yea, feeling the headache on the privesc from the M account…

@HeiGou said:
Anytips for the initial foot hold. I think it is an injection attack but I cant figure it out

Need help as well. I found some interesting things in the .js file and I’m able to use them but I’m not very good with java so I can’t understand how to exploit them.

I found Waldo in the background image though, so that’s a plus.

@elio said:

@HeiGou said:
Anytips for the initial foot hold. I think it is an injection attack but I cant figure it out

Need help as well. I found some interesting things in the .js file and I’m able to use them but I’m not very good with java so I can’t understand how to exploit them.

I found Waldo in the background image though, so that’s a plus.

First is not Java, is JavaScript and second you don’t need to know anything about java or JavaScript to get anything.
You don’t even need the javascript files.
If you could use a proxy to see what is going when you add a new list or an item to the list…

@Relwarc17 said:

@elio said:

@HeiGou said:
Anytips for the initial foot hold. I think it is an injection attack but I cant figure it out

Need help as well. I found some interesting things in the .js file and I’m able to use them but I’m not very good with java so I can’t understand how to exploit them.

I found Waldo in the background image though, so that’s a plus.

First is not Java, is JavaScript and second you don’t need to know anything about java or JavaScript to get anything.
You don’t even need the javascript files.
If you could use a proxy to see what is going when you add a new list or an item to the list…

True, it’s JavaScript. My bad. I’m using Burp anyway, and the request the site makes is defined in the script, so I got it from there.

Hi. I can read files from www/html folder, list dirs and and write files, but I cant find a way to read other system files or write a file with an extension. Not so good with php, any hints?

@pkneca said:
Hi. I can read files from www/html folder, list dirs and and write files, but I cant find a way to read other system files or write a file with an extension. Not so good with php, any hints?

same…any hints?