Vault

@agnarus said:
Hey Dave, do not know the user.txt ?? can someone PM me how can I find it???

on the same boat. Not sure how to proceed from dave to find user.txt

@gudj4qu3r said:
@shadow2Xx, @avoidy and @NicoF2000 maybe you need to get one word from the initial page and do something with it … If i’m spoiling too much please delete it!

Perfect hint mate. Thanks a lot.

@axle05 said:

@agnarus said:
Hey Dave, do not know the user.txt ?? can someone PM me how can I find it???

on the same boat. Not sure how to proceed from dave to find user.txt

Maybe you are in the wrong place

I don’t know how to approach the login page…i tried bruteforcing, sql injection…nothing worked! Any hints ?

Guys, just like almost every other box, no bruteforcing is required at all. If that’s what you’ve resorted to because you can’t find anything else (I know I did), you probably need to enumerate more.

@Skunkfoot said:
Guys, just like almost every other box, no bruteforcing is required at all. If that’s what you’ve resorted to because you can’t find anything else (I know I did), you probably need to enumerate more.

Ok thnx :wink: Brute is my last resort…i’m just stuck :expressionless:

You have to guess the first folder before running gobuster… then keep enumerating until you find something really exploitable.

Deeper

@fjv said:
You have to guess the first folder before running gobuster… then keep enumerating until you find something exploitable.

I found a login page! Dunno how to proceed from there!

Enumerate more

Don’t get tunnel-visioned on the login page

@Skunkfoot said:
Don’t get tunnel-visioned on the login page

as i did and lost several hours

@J0rdan said:

@Skunkfoot said:
Don’t get tunnel-visioned on the login page

as i did and lost several hours

“lost” is a relative term. Edison discovered 1 million ways to NOT make a lightbulb before he found one that worked. :bleep_bloop:

Anybody on bypass a special upload file ???

Do some research on how to bypass file upload extension filters. Once you figure out what types of files you can upload, the rest should be pretty simple.

@Skunkfoot said:
Do some research on how to bypass file upload extension filters. Once you figure out what types of files you can upload, the rest should be pretty simple.

Yep. Anyway I tested all the techniques with no success

Any hints on Priv Esc?
I see a couple of leads, but not sure how to utilize them :confused:

A hint would be appreciated :slight_smile:

@23Y4D said:
Any hints on Priv Esc?
I see a couple of leads, but not sure how to utilize them :confused:

A hint would be appreciated :slight_smile:

PM.

@Skunkfoot said:

@J0rdan said:

@Skunkfoot said:
Don’t get tunnel-visioned on the login page

as i did and lost several hours

“lost” is a relative term. Edison discovered 1 million ways to NOT make a lightbulb before he found one that worked. :bleep_bloop:

the one that worked was to steal it from Tesla lol

@n1b1ru said:

@Skunkfoot said:
Do some research on how to bypass file upload extension filters. Once you figure out what types of files you can upload, the rest should be pretty simple.

Yep. Anyway I tested all the techniques with no success

@n1b1ru Skunkfoot is correct

@Opaque said:

@Skunkfoot said:

@J0rdan said:

@Skunkfoot said:
Don’t get tunnel-visioned on the login page

as i did and lost several hours

“lost” is a relative term. Edison discovered 1 million ways to NOT make a lightbulb before he found one that worked. :bleep_bloop:

the one that worked was to steal it from Tesla lol

lol whatever works!

@n1b1ru said:

@Skunkfoot said:
Do some research on how to bypass file upload extension filters. Once you figure out what types of files you can upload, the rest should be pretty simple.

Yep. Anyway I tested all the techniques with no success

I’m betting you missed one. Try harder. :wink: