@mxchai said:
Would be nice if someone could PM me about the initial foothold. I have no idea what to do except testing the web app, of which I found only XSS.
Thanks!
You need to do a little enumeration at the login level, we could inject what in a login page ?
i pretty much get what i need to do but the usernames taken * all of it *
Need to wait for my turn i guess !
Took me 2 days just to find xxxx.exe . Did someone mess up with the file or was it intentionally kept there ?
I know what I need to do in order to get root. Well, at least, I think I do. The problem is that the .exe I needed used to be there. But now it’s not. I’ve used this .exe earlier on but I can’t seem to find it anywhere now. There’s a shortcut for it on the desktop but it’s not in the location where that shortcut is pointing. Any ideas?
@Mapperist said:
I know what I need to do in order to get root. Well, at least, I think I do. The problem is that the .exe I needed used to be there. But now it’s not. I’ve used this .exe earlier on but I can’t seem to find it anywhere now. There’s a shortcut for it on the desktop but it’s not in the location where that shortcut is pointing. Any ideas?
I got stuck on this for days dude. Try not to focus too hard on the .exe itself, but what it could create. As soon as I realised this I had root.txt instantly.
@mxchai said:
Would be nice if someone could PM me about the initial foothold. I have no idea what to do except testing the web app, of which I found only XSS.
Thanks!
You need to do a little enumeration at the login level, we could inject what in a login page ?
i pretty much get what i need to do but the usernames taken * all of it *
Need to wait for my turn i guess !
Took me 2 days just to find xxxx.exe . Did someone mess up with the file or was it intentionally kept there ?
Rooted !
You didn’t even need to find “IT”, you could of accessed it from anywhere.
@mxchai said:
Would be nice if someone could PM me about the initial foothold. I have no idea what to do except testing the web app, of which I found only XSS.
Thanks!
You need to do a little enumeration at the login level, we could inject what in a login page ?
i pretty much get what i need to do but the usernames taken * all of it *
Need to wait for my turn i guess !
Took me 2 days just to find xxxx.exe . Did someone mess up with the file or was it intentionally kept there ?
Rooted !
You didn’t even need to find “IT”, you could of accessed it from anywhere.
Is there a way to access it from anywhere ? If Yes, Could you PM Me ?
Hey guys, anyone else having trouble having a persistent shell (user level)? Mine drops everytime after about 20 seconds. Not sure what I’m doing wrong
@Elios said:
Hey guys, anyone else having trouble having a persistent shell (user level)? Mine drops everytime after about 20 seconds. Not sure what I’m doing wrong
never once seen the shell drop on this box. Don’t know what your doing, but I used multiple different shells, and none dropped. I did get a couple hangs, but it was because I was doing stuff to hang it, while experimenting
@Elios said:
Hey guys, anyone else having trouble having a persistent shell (user level)? Mine drops everytime after about 20 seconds. Not sure what I’m doing wrong
same here…
try different shells for starters and see how they behave
@Elios said:
Hey guys, anyone else having trouble having a persistent shell (user level)? Mine drops everytime after about 20 seconds. Not sure what I’m doing wrong
same here…
try different shells for starters and see how they behave
@Elios said:
Hey guys, anyone else having trouble having a persistent shell (user level)? Mine drops everytime after about 20 seconds. Not sure what I’m doing wrong
same here…
try different shells for starters and see how they behave
hmm… i am gonna try, thanks
i had quite a few unstable shells at some point… but one method i used was quire stable after all…
so maybe reset if you see no difference after all
@Elios said:
Hey guys, anyone else having trouble having a persistent shell (user level)? Mine drops everytime after about 20 seconds. Not sure what I’m doing wrong
There might be a script that deletes files you upload after a certain time?