@JeanMichel said:
If you are stuck at the enumeration and you can only see “html” and “localhost”, imagine that the filter only delete “…/” of your request, but not the total string ^^, so it’s breakable, I didn’t use weird characters like %2e etc… It’s really easy ! Don’t think too much Hope I helped someone
Enjoyed this machine… Thanks to those who gave some great hints… Learned some new linux commands on this machine and some other techniques…
For those stuck on initial foothold: There are a couple of posts here, some with articles, that will help you out a lot!
For those stuck on the priv esc and steps before that, the key is research to what you have “access” to for the first part and then what can help you and you have access to to get what you need…
ARRRRG, back here again. I’m able to see the user.txt file, however there is a filter not allowing me to read it… how can I bypass it? or do something else? Am I going the wrong direction? PM me
Hi Im Having trouble on last stage of Priv Esc (hopefully). I have logged in as the M* user and have escaped, but reached a block. Any hints / nudges would be appreciated either here or by PM to avoid spoilers . Done the usual crontab, look for suid binaries, permissions seem good.
HIi guyzz… i have the key, IK its the key which has to be used,
I am not able to remove the bad chars from it.
I tried curl command, tried removing manually, doesnt seem to be working.
Hiya folks. Kinda stuck as the m*. i have escaped the shell and looking for clues.found some, but still stuck on what to do. Can someone pm me with a hint? Thanks!