Hint for HELP

help… XD

Anyone has luck on axx end ?

@D4Vinci said:
Good, any hints?

Usual directory listing, try other list if yours is not getting any. For me the usual classic has never gone wrong.

@Malone5923 said:

@D4Vinci said:
Good, any hints?

Usual directory listing, try other list if yours is not getting any. For me the usual classic has never gone wrong.

yup I got a directory and started working on getting a shell now :smiley:

I know where to upload my shell, finding it and executing it is the problem. The exploit to find it isnt working.

@Malone5923 said:
I know where to upload my shell, finding it and executing it is the problem. The exploit to find it isnt working.

same boat

And @buckley310 gets first blood. Congrats man.

Cant get passed the C**F check when uploading the shell.

Edit: Whoops, forgot a port in my scan as I went straight to port 80 lol.

Dont reuse posts @vanquish

brb kms if it was about using the “right” wordlist

EDIT: user is tricky.

I managed to find whatever I upload… but I’m starting to have a feeling it is a rabbit hole…
Sooo… is it?

This box is surprisingly tricky! Love it!

@23Y4D said:
I managed to find whatever I upload… but I’m starting to have a feeling it is a rabbit hole…
Sooo… is it?

Same here…thought I could trick it to upload a specific file type but no luck…

Revelant.

Did anyone get code execution?

Rooted. Loved the box. Hints:

  1. No brute force is necessary
  2. It is possible to get RCE (hard), but much easier to find creds
  3. You have to partially guess a username

The N***.JS is the way to go?

I didn’t need that. But seems others used another path and did need it.