I know how to exploit pl****S app and read file system, I can even read user flag, but not sure how to proceed, reading files in /home/someuser directory does not help (or I’m missing something), there’s one file with SETTINGS and some hashes inside but JTR, hashcat and crackstation can’t crack them…
EDIT: Metasploit is failing with error: “Could not determine CSRF tolken”
EDIT: error is arguments… works now…