Bounty

I found something, googled about it but ended up with nothing (or I’m looking at the wrong things) and I found a directory which I don’t have access to. Other than that I’m stuck already…

Logged in as user…but user.txt nowhere to be found on Desktop, Documents, or Downloads…or anywhere I’ve looked…

Edit: JK

I found the page and directory as well but can’t figure out how to get the RCE… any hints are appreciated

@peek said:

@cdoisponto said:
Any clue on finding user.txt? I already have the RCE

You don’t see the file with RCE, but it is there, just do normally.

I guess this is why there are so many resets.

Unable to get anything apart from some directories. Typical crawlers are ok, or are people using another kind of tool?

Hi,

Can anyone give me a hint please? I have been working on something but it is not working so far. I am not sure if it is a rabbit hole or I am doing something wrong

I can upload (I think!) but I am having trouble finding the location of whatever I uploaded.

@abogaida said:
Hi,

Can anyone give me a hint please? I have been working on something but it is not working so far. I am not sure if it is a rabbit hole or I am doing something wrong

I can upload (I think!) but I am having trouble finding the location of whatever I uploaded.

If you don’t know the directory of where stuff is uploaded, I suggest you enumerate more

@Randsec said:
Unable to get anything apart from some directories. Typical crawlers are ok, or are people using another kind of tool?

Crawlers/spiders may not do anything for you…those just click on active links, they don’t really help you find directories that the server has no link to.

Any hint to what to find with dirb? Can’t enumerate anything apart from an IIS dir and a forbidden upload dir

@nardin said:
Any hint to what to find with dirb? Can’t enumerate anything apart from an IIS dir and a forbidden upload dir

Maybe you’re not looking for a directory :wink:

Maybe you’re not looking for a directory :wink:

Done that too… But I’ll try more :wink:

Can someone give me a hint on the initial attack vector on this machine? dirb and burp haven’t given me luck in this challenge.

Kicking myself, working on RCE now. Don’t overthink, make sure to google and make sure you know the general workings of the service running

Rooted…if you’re on US VIP servers the box was very unstable…switched to EU and method I was trying for a few hours worked.

@isuckatcyber said:
@Randsec said:
Unable to get anything apart from some directories. Typical crawlers are ok, or are people using another kind of tool?

Crawlers/spiders may not do anything for you…those just click on active links, they don’t really help you find directories that the server has no link to.

Yea, I meant brute force.

@minhhungvn said:
Can someone give me a hint on the initial attack vector on this machine? dirb and burp haven’t given me luck in this challenge.

Spoiler Removed - Arrexel

Any hint on how to exploit the viewstate?

Any hints on enumeration wordlists? Tried the IIS related (hope this isn’t spoiler) wordlists inside SecLists and all I got was a forbidden directory.

Is anyone able to get a stable shell? Mine keeps getting a 500 after 2 requests.

Having trouble with PrivEsc, if somebody feels like giving some advice please PM me.