Aragog

Okay, I’ve been at this for days now. I’ve found the payload I need to use from OWASP Top 10 but I can’t seem to figure out how the format is supposed to be. Could someone lend a helping hand with this please? It’s killing me.

Cannot figure out how the two files from enumerated services relate. Can anyone PM me some suggestions?

@ktffffffffff said:
Cannot figure out how the two files from enumerated services relate. Can anyone PM me some suggestions?

METHODologies to send data to webserver?

Dear gentlemen. Found a *** script that only gets you back an enigmatic phrase about a certain high number of *****. Found the *** server and downloaded *. file about a mask. I tried all the wordlists of the universe but I’m getting nothing…how is one supposed to progress? I would appreciate any help, thanks!

@deibit said:
Dear gentlemen. Found a *** script that only gets you back an enigmatic phrase about a certain high number of *****. Found the *** server and downloaded *. file about a mask. I tried all the wordlists of the universe but I’m getting nothing…how is one supposed to progress? I would appreciate any help, thanks!

Ton of hints in this thread.

Got user. One has to pay very much attention to the text…nice one

Can anyone help me with privesc?

Any hints about priv esc for Aragog?

Can anyone PM me with a hint regarding priv esc?

@hagi said:
Can anyone PM me with a hint regarding priv esc?

Everything there is much easier than it seems :) Pay attention to the files that you can write :) Hint: wp

Hi here,
I’m really stuck on the first shell for this one, even if it’s supposed to be an “easy” one…
I got the user with LFI, but I’m not able to get a shell… I’ve tried bind access to some files, but I got nothing… (except some regular conf file from a database :/)
Any hint for me?
Thanks

@HomardBoy there is an interesting article titled “When all you can do is read”.

Should point you in the right direction

Anyone mind shooting me a PM about putting “together” the two files?

Hint in this topic.
Priv-Esc: have patience.

Can anyone PM me the hint for priv esc? Thank you

I’m stuck at priv esc. I managed to get DB creds, then Admin creds, but I can’t connect to the admin dashboard because when I click login, it redirects to the URL: http://aragog… and Firefox returns that the server was not found, and modifying the request etc. with Burp doesn’t work.
How can I fix this?
And if anyone could PM to give me some hints?
Thanks

@Az3K said:
I’m stuck at priv esc. I managed to get DB creds, then Admin creds, but I can’t connect to the admin dashboard because when I click login, it redirects to the URL: http://aragog… and Firefox returns that the server was not found, and modifying the request etc. with Burp doesn’t work.
How can I fix this?
And if anyone could PM to give me some hints?
Thanks

1- Might be useful to understand how name resolution worked in the times before the internet.

2- Think what you can do with the information you already have. :wink:

Been on priv esc for a while now, edited my hosts to include aragog, I know about the files I can edit. I also see the things being run every little bit. Can someone PM me for a hint?

I suppose I have edited the file but I am not able to get creds for admin page… am I missing something?

Need help with privesc. I found DB creds, got admin’s hash, couldn’t crack it. Then saw the login script running, changed a file a bit and got admin’s password; however, I can’t use it to log into wp, and, even if I wanted to, I could just bypass login. It is also not valid to su in c…f or root, and it’s not f…n’s password for sudo. How should I proceed? From the hints above it seems like I should get c…f shell but I have no idea how and I don’t know where to use the password.