Hint for Waldo

I would love some advice on the initial step. I have found some interesting files and can read those, but have no idea how to proceed further.

For the love of all hacking STOP RESETTING THE Fing box. ■■■ enum a little.

Can anybody offer a gentle push in the initial steps? Have enumerated the directory that the page is located in, have found code for several pages, but not managed anything further. Thanks

@richeze said:
Can anybody offer a gentle push in the initial steps? Have enumerated the directory that the page is located in, have found code for several pages, but not managed anything further. Thanks

Same here. Also suspected that a proxy like BS must be the key. However made almost no efforts. For some reason cannot make the foothold. PM?

@hopihallido said:

@richeze said:
Can anybody offer a gentle push in the initial steps? Have enumerated the directory that the page is located in, have found code for several pages, but not managed anything further. Thanks

Same here. Also suspected that a proxy like BS must be the key. However made almost no efforts. For some reason cannot make the foothold. PM?

Feel free to include me as well - I’m at the same spot and have found some source code/files.

Anyone able to drop me a PM with a hint on user? I am able to read files etc… but not sure what to do next.

I definitely need help on privesc, you can catch me on Mattermost or send me a PM. I feel like I can already smell it but don’t get it yet.

FYI… Waldo is in the bottom left hand corner of the background if anyone is wondering. Ok, back to trying to get user!

Got root - nice machine and definitely worth the time - learned something “new” to look into while doing enumeration. (Even if it’s 10+ years old)

This one still has me stumped - I’m using Burp, ZAP - it’s clearly a traversal that’s required for user. Have googled PHP, PHP exploits and nothing seems to return anything. Either I’m missing something completely or it’s because the box keeps getting reset, and I believe it’s hammered with a brute force at times.

OK, quite frustrating - something I have tried before several times in the last few evenings now appears to work.

Have a look at this website: How to Bypassing Filter to Traversal Attacks ? | Hacking & Tricks

Hack The Box

Got a private SSH key, anyone there to give me a hint on how to get the passphrase please?

@r0pSteev said:
Have a look at this website: How to Bypassing Filter to Traversal Attacks ? | Hacking & Tricks

Hack The Box

Thank you - I finally got what I presumed was the answer to work, although for some reason it wouldn’t work the last few nights.

That link is a very useful reference.

Feel as if something is staring me in the eye and I’m completely missing it…

I only can read html, localhost, can’t list more.
I need some help. :d

I’d like to know what exactly the PHP code is doing behind the scenes. I don’t know what to research in Google if I don’t know the name of the function… etc.

Edit: I figured out how to read the source code of those files. Thanks finrir!

If anyone needs hints, PM me.

I’ve never dealt with Docker containers… anybody got some good reference material on this I could read?

Wasting far too much time on this one.

Need a decent solid hint on how to read the file under /etc/

Used a certain file + Burp to forcibly traverse / READ folders so I can now see where I need to be, but no amount of changing variables etc. seems to work (and examples from hours of googling don’t seem to work either).