Bounty

enjoying this box, not there yet, but it is fun

the ‘functionality’ of the app is breaking, anyone else experiencing this?

@Narmu said:
the ‘functionality’ of the app is breaking, anyone else experiencing this?

yup

The box is fun and easy, dont overthink to much and use google. Also it will help you to build your way into the box.

easy box but unstable , i don’t know if someone deleting files but i can’t have more than 1 minute with a shell then i need to reset the machine.

me like, ok look easy, then…wtf? haha

Can anybody pm me? I found the hidden dir and the other page, but i can’t figure out how to combine them.

any clue on finding user.txt ? i’m already have the RCE

@cdoisponto said:
any clue on finding user.txt ? i’m already have the RCE

you dont see the file with rce, but it is there, just do normally.

I found something, googled about it but ended up with nothing ( or i’m looking at the wrong things) and I found a directory which I don’t have access too. Other than that I’m stuck already…

logged in as user…but user.txt nowhere to be found on Desktop, Documents, or Downloads…or anywhere i’ve looked…

Edit: JK

I found the page and directory as well but can’t figure out how to get the RCE… any hints are appreciated

@peek said:

@cdoisponto said:
any clue on finding user.txt ? i’m already have the RCE

you dont see the file with rce, but it is there, just do normally.

I guess this is why there is so many reset.

Unable to get anything apart from some directories. Typical crawlers are ok, or people is using another kind of tool?

Hi,

Can anyone give me a hint please? I have been working on something but it is not working so fat. I am not sure if it is a rabbit hole or I am doing something wrong

I can upload (I think!) but I am having trouble finding the location of whatever I uploaded.

@abogaida said:
Hi,

Can anyone give me a hint please? I have been working on something but it is not working so fat. I am not sure if it is a rabbit hole or I am doing something wrong

I can upload (I think!) but I am having trouble finding the location of whatever I uploaded.

If you don’t know the directory of where stuff is uploaded, I suggest you enumerate more

@Randsec said:
Unable to get anything apart from some directories. Typical crawlers are ok, or people is using another kind of tool?

Crawlers/spiders may not do anything for you…those just click on active links, they don’t really help you find directories that the server has no link to.

Any hint to what to find with dirb? Can’t enumerate anything apart a iis dir and a forbidden upload dir

@nardin said:
Any hint to what to find with dirb? Can’t enumerate anything apart a iis dir and a forbidden upload dir

Maybe you’re not looking for a directory :wink:

Maybe you’re not looking for a directory :wink:

Done that too… But I’ll try more :wink: