this one still has me stumped- Im using burp, zap - its clearly a traversal thats required for user. have googled php , php exploits and nothing seems to return anything. Either i’m missing something completly or it because the box keeps getting reset and I belive its hammered with a brute force at times
OK quite fustrating - something i have tried before several times in the last few evening now appears to work.
Got a private sshkey, any one there to give me a hint on how to get the passphrase please ?
@r0pSteev said:
hava a look at this website How to Bypassing Filter to Traversal Attacks ? | Hacking & Tricks
Thankyou - I finally got what i presumed was the answer to work, although for some reason it wouldnt work the last few nights.
That link is a very usefull refrence
Feel as if something is staring me in the eye and im completely missing it…
I only can read html, localhost, can’t list more.
I need some help. :d
id like to know what exactly the php code is doing behind the scenes. I don’t know what to research in google if I don’t know the name of the function…etc
edit: i figured out how to read the source code of those files. thanks finrir!
If anyone need hints, pm me.
Iv’e never dealt with docker containers… anybody got some good reference material on this I could read?
Wasting far too much time on this one
Need a decent solid hint on how to read the file under /etc/
Used a certain file + burp to forceably traverse / READ folders so i can now see where i need to be but no amount of changing variables etc seems to work.(and examples from hours of googling dont seem to work either)
@ZaphodBB said:
Wasting far too much time on this oneNeed a decent solid hint on how to read the file under /etc/
Used a certain file + burp to forceably traverse / READ folders so i can now see where i need to be but no amount of changing variables etc seems to work.(and examples from hours of googling dont seem to work either)
have you got a shell yet? or are you talking about priv esc?
Just getting initial foothold - unless Im completly mistaken and I’m barking up the wrong tree, it seems to me like the detaisl for initial users are gained by directory traversal - php explitation.
how can version 0.1 read root’s file while not even suid any keyword to research on please?
Finally got user.txt … What a pain i was trying the right thing the whole time besides one character…
what the heck is .restrictSXXXXX.sh? im in unfamiliar territory
Rooted, special thanks to loln00b for the hint was really helpful thanks mate.
Got root, many thanks to mcruz for you hints.
Now after I rooted it - I realize that this was / would have been the best hint
@xontrompalas said:
Hint for root: There is a specific file that expresses a very weird behavior. Only capable and potent hackers can find out why.
But I haven’t got the message before reading and learning a lot about what I obviously did not know about Linux!