Writeup

I haven’t found there to be any vulnerable LFI, but I could be missing something.

I’d probably be more helpful, but apparently I’m spamming. :stuck_out_tongue:

You have posted 2 times within 30 seconds. A spam block is now in effect on your account. You must wait at least 60 seconds before attempting to post again.

Hey guys, as only port 80 is there to enumerate, I can’t dir bruteforce. Am I even in the right direction? Please PM me if I’m

@PwrZer0 said:

Hey guys, as only port 80 is there to enumerate, I can’t dir bruteforce. Am I even in the right direction? Please PM me if I’m

try burpsuite

My dirb keeps stopping, and I can’t seem to enumerate with gobuster or dirbuster.
Anyone else having this issue?

@0xAMS said:

My dirb keeps stopping, and I can’t seem to enumerate with gobuster or dirbuster.
Anyone else having this issue?

Take a look at the message on the page… You’ll get a hint about what’s happening.

Can’t figure out if the part with creds is of any relevance! :disappointed:

I’ve been trying to check everything that’s visible. I found pg=. Am I on the right path?

@NeoBox said:

I’ve been trying to check everything that’s visible. I found pg=. Am I on the right path?

Maybe read the other posts? :stuck_out_tongue:

@hxmo said:

@PwrZer0 said:

Hey guys, as only port 80 is there to enumerate, I can’t dir bruteforce. Am I even in the right direction? Please PM me if I’m

try burpsuite

I tried, but I couldn’t reach anything useful up till now. If someone could spot a light for me, please PM!

Hint for user:
Don’t use dirbuster, gobuster, etc. There is no need to brute force directories. Look at a popular file you might find on a web server that is commonly misconfigured by admins thinking it actually makes it more secure. This will give you a start to where you need to be. If you don’t have this plugin, I recommend installing a Firefox plugin called wappalyzer; it’s a neat tool. Just enumerate. This should be more than enough to help you find what you need to use to get access. Next step, Queen - We Will Rock You (Official Video) - YouTube.

@PwrZer0 said:

@hxmo said:

@PwrZer0 said:

Hey guys, as only port 80 is there to enumerate, I can’t dir bruteforce. Am I even in the right direction? Please PM me if I’m

try burpsuite

I tried, but I couldn’t reach anything useful up till now. If someone could spot a light for me, please PM!

spider the target

The exploit used in this machine is seriously one of the most user-friendly I have ever used. Funny to use, it is like it came out of a movie!

wappalyzer*

@emaragkos said:

The exploit used in this machine is seriously one of the most user-friendly I have ever used. Funny to use, it is like it came out of a movie!

Exactly what I thought! Like watching The Matrix :tongue:

@emaragkos said:

The exploit used in this machine is seriously one of the most user-friendly I have ever used. Funny to use, it is like it came out of a movie!

hahahahaha

@emaragkos said:

The exploit used in this machine is seriously one of the most user-friendly I have ever used. Funny to use, it is like it came out of a movie!

This! :joy:

Tip for user: If you believe you’ve found something but not enough, you probably have found enough. Try to figure out what it is you found instead of looking for more content. Remember that it’s an “easy box”, so most likely the user shell isn’t going to require much effort - looking back anyway. When you feel like you can relate to the above quote, you’re in a good place. At least you’ll get the joke anyway.

Any hint on root? Is s**** G**** related?

@emaragkos said:
The exploit used in this machine is seriously one of the most user-friendly I have ever used. Funny to use, it is like it came out of a movie!

That exploit made me want to redo everything I ever did in python to print that beautifully

What a beautiful exploit.
Almost like Swordfish movie terminals hahah.