What a beautiful exploit.
Almost like Swordfish movie terminals hahah.
anyone available to give me a nudge?
do you need creds for the exploit?
because none in searchsploit that do not require authentication worked for me
> @0xAMS said:
> do you need creds for the exploit?
> because none in searchsploit that do not require authentication worked for me

No creds needed. A simple google search and a quick scan of the results should be enough
> @p0n said:
> > @0xAMS said:
> > do you need creds for the exploit?
> > because none in searchsploit that do not require authentication worked for me
>
> No creds needed. A simple google search and a quick scan of the results should be enough

i did searchsploit on the software and used the exploits it mentioned with no luck
managed to get creds, need a bit of a nudge
I feel like I’m overlooking something as I can’t get the creds to work on /w******/a****
Stuck after user flag - ran the usual enumeration scripts but nothing jumped out at me.
Am I blind?
I dunno if the exploit is “matrix” or “swordfish” like, but it does sort of remind me of padbuster, the way it increments, I guess. It is neat tho, having phun
> @p0n said:
> > @0xAMS said:
> > do you need creds for the exploit?
> > because none in searchsploit that do not require authentication worked for me
>
> No creds needed. A simple google search and a quick scan of the results should be enough

Yes, I agree w/ @p0n. But I’d say @0xAMS, you lie, or perhaps, ahem “Try harder”.
> @Fugl said:
> > @emaragkos said:
> > The exploit used in this machine is seriously one of the most user-friendly I have ever used. Funny to use, it is like it came out of a movie!
>
> This!
> Tip for user: If you believe you’ve found something but not enough, you probably have found enough. Try to figure out what it is you found instead of looking for more content. Remember that it’s an “easy box”, so most likely the user shell isn’t going to require much effort - looking back anyway. When you feel like you can relate to the above quote, you’re in a good place. At least you’ll get the joke anyway.

bro just tell about page already
> @Cynn said:
> managed to get creds, need a bit of a nudge
> I feel like I’m overlooking something as I can’t get the creds to work on /w******/a****

Go to your nmap and you’ll get them to work
Spoiler Removed
help me with the user flag i have found p*** but do not know what to do further
Spoiler Removed
@Zot said:
> @0xAMS said:
> > @Zot said:
> > > @p0n said:
> > > > @0xAMS said:
> > > > do you need creds for the exploit?
> > > > because none in searchsploit that do not require authentication worked for me
> > >
> > > No creds needed. A simple google search and a quick scan of the results should be enough
> >
> > Yes, I agree w/ @p0n. But I’d say @0xAMS, you lie, or perhaps, ahem “Try harder”.
>
> lie??
> the exploit needed has to do with sqli (the others did not work) and the sqli did not work also
> this is where my exploit stops
> at this point
> [+] Salt for password found: 1
> [*] Try: js
> next time if you have nothing positive to say keep your opinion to yourself

I say you lie, because I used searchsploit to find an unauthenticated exploit for a piece of software clearly listed in Wappalyzer. Very straightforward.
I guess the positive thing to say would have been “provide it a wordlist”. my bad, I guess.
Very easy box which is pretty realistic imo.
Hint for user: credential stuffing
Hint for root: pspy
> @godzkid said:
> > @Fugl said:
> > > @emaragkos said:
> > > The exploit used in this machine is seriously one of the most user-friendly I have ever used. Funny to use, it is like it came out of a movie!
> >
> > This!
> > Tip for user: If you believe you’ve found something but not enough, you probably have found enough. Try to figure out what it is you found instead of looking for more content. Remember that it’s an “easy box”, so most likely the user shell isn’t going to require much effort - looking back anyway. When you feel like you can relate to the above quote, you’re in a good place. At least you’ll get the joke anyway.
>
> bro just tell about page already

You probably found the page already… just enumerate it.