Vault

@Skunkfoot said:
Don’t get tunnel-visioned on the login page

as I did and lost several hours

@J0rdan said:

@Skunkfoot said:
Don’t get tunnel-visioned on the login page

as I did and lost several hours

“lost” is a relative term. Edison discovered 1 million ways to NOT make a lightbulb before he found one that worked. :bleep_bloop:

Anybody working on bypassing a special upload file?

Do some research on how to bypass file upload extension filters. Once you figure out what types of files you can upload, the rest should be pretty simple.

@Skunkfoot said:
Do some research on how to bypass file upload extension filters. Once you figure out what types of files you can upload, the rest should be pretty simple.

Yep. Anyway, I tested all the techniques with no success.

Any hints on Priv Esc?
I see a couple of leads, but not sure how to utilize them :confused:

A hint would be appreciated :slight_smile:

@23Y4D said:
Any hints on Priv Esc?
I see a couple of leads, but not sure how to utilize them :confused:

A hint would be appreciated :slight_smile:

PM.

@Skunkfoot said:

@J0rdan said:

@Skunkfoot said:
Don’t get tunnel-visioned on the login page

as I did and lost several hours

“lost” is a relative term. Edison discovered 1 million ways to NOT make a lightbulb before he found one that worked. :bleep_bloop:

the one that worked was to steal it from Tesla lol

@n1b1ru said:

@Skunkfoot said:
Do some research on how to bypass file upload extension filters. Once you figure out what types of files you can upload, the rest should be pretty simple.

Yep. Anyway, I tested all the techniques with no success.

@n1b1ru Skunkfoot is correct

@Opaque said:

@Skunkfoot said:

@J0rdan said:

@Skunkfoot said:
Don’t get tunnel-visioned on the login page

as I did and lost several hours

“lost” is a relative term. Edison discovered 1 million ways to NOT make a lightbulb before he found one that worked. :bleep_bloop:

the one that worked was to steal it from Tesla lol

lol whatever works!

@n1b1ru said:

@Skunkfoot said:
Do some research on how to bypass file upload extension filters. Once you figure out what types of files you can upload, the rest should be pretty simple.

Yep. Anyway, I tested all the techniques with no success.

I’m betting you missed one. Try harder. :wink:

Hm, any hints for lateral movement?
Got a shell as d**e, I found some creds as well, got some interesting IPs, yet I am not quite sure how to access those, and the password I found does not work with the “DNS + Configurator” server.

Did I skip anything worth looking at?

@avoidy said:
Hm, any hints for lateral movement?
Got a shell as d**e, I found some creds as well, got some interesting IPs, yet I am not quite sure how to access those, and the password I found does not work with the “DNS + Configurator” server.

Did I skip anything worth looking at?

Have you done Poison yet?

@Skunkfoot said:

@Opaque said:

@Skunkfoot said:

@J0rdan said:

@Skunkfoot said:
Don’t get tunnel-visioned on the login page

as I did and lost several hours

“lost” is a relative term. Edison discovered 1 million ways to NOT make a lightbulb before he found one that worked. :bleep_bloop:

the one that worked was to steal it from Tesla lol

lol whatever works!

@n1b1ru said:

@Skunkfoot said:
Do some research on how to bypass file upload extension filters. Once you figure out what types of files you can upload, the rest should be pretty simple.

Yep. Anyway, I tested all the techniques with no success.

I’m betting you missed one. Try harder. :wink:

Finally, I discovered it was a misunderstanding between whitelisted and blacklisted.

@Skunkfoot said:

@avoidy said:
Hm, any hints for lateral movement?
Got a shell as d**e, I found some creds as well, got some interesting IPs, yet I am not quite sure how to access those, and the password I found does not work with the “DNS + Configurator” server.

Did I skip anything worth looking at?

Have you done Poison yet?

Nope, but I guess I need to do some tunneling to access said “configuration tester”?
Nevertheless, I will look into it.

We can discuss more privately if you’d like :wink:

Enumerated more and got a shell! Enum is always the solution…my bad xD

I enumerated as far as I think I can go; common.text isn’t finding anything after /u****ds/. I’m completely stumped from here though. I did some searching and found some documentation on Optionsbleed, but I’m not able to get anything to work.

@Opaque said:
I enumerated as far as I think I can go; common.text isn’t finding anything after /u****ds/. I’m completely stumped from here though. I did some searching and found some documentation on Optionsbleed, but I’m not able to get anything to work.

You might read back through previous posts on here. If you only look for directories you may not always find everything interesting.

Can anyone PM me pls for initial foothold? Enumerating for hours but not able to find anything.

Lol. Never mind. Got 404 for over an hour using the correct folder. Now getting 403.

@deviate said:

@Opaque said:
I enumerated as far as I think I can go; common.text isn’t finding anything after /u****ds/. I’m completely stumped from here though. I did some searching and found some documentation on Optionsbleed, but I’m not able to get anything to work.

You might read back through previous posts on here. If you only look for directories you may not always find everything interesting.

I haven’t just been looking for directories. I have looked for php, txt, and html in all directories that I have gone through.