The exploit used in this machine is seriously on of the most user-friendly I have even used. Funny to use, it is like it came out of a movie!
This!
Tip for user: If you believe you’ve found something but not enough, you probably have found enough. Try to figure out what it is you found instead of looking for more content. Remember that it’s an “easy box”, so most likely the user shell isn’t going to require much effort - looking back anyway. When you feel like you can relate to the above quote, you’re in a good place. At least you’ll get the joke anyway.
do you need creds for the exploit?
because none in searchsploit that do not require authentication worked for me
No creds needed. A simple google search and a quick scanu of the results should be enough
Yes, I agree w/ @p0n. But I’d say @0xAMS, you lie, or perhaps, ahem “Try harder”.
lie??
the exploit needed has to do with sqli (the others did not work)
and the sqli did not work also
this is where my exploit stops
at this point
[+] Salt for password found: 1
[*] Try: js
next time if you have nothing positive to say keep your opinion to your self
I say you lie, because I used searchsploit to find an unauthenticated exploit for a piece of software clearly listed in wapalizer. Very straightforward.
I guess the positive thing to say would have been “provide it a wordlist”. my bad, I guess.
The exploit used in this machine is seriously on of the most user-friendly I have even used. Funny to use, it is like it came out of a movie!
This!
Tip for user: If you believe you’ve found something but not enough, you probably have found enough. Try to figure out what it is you found instead of looking for more content. Remember that it’s an “easy box”, so most likely the user shell isn’t going to require much effort - looking back anyway. When you feel like you can relate to the above quote, you’re in a good place. At least you’ll get the joke anyway.
bro just tell about page already
You probably found the page already… just enumerate it.
The exploit used in this machine is seriously on of the most user-friendly I have even used. Funny to use, it is like it came out of a movie!
This!
Tip for user: If you believe you’ve found something but not enough, you probably have found enough. Try to figure out what it is you found instead of looking for more content. Remember that it’s an “easy box”, so most likely the user shell isn’t going to require much effort - looking back anyway. When you feel like you can relate to the above quote, you’re in a good place. At least you’ll get the joke anyway.
bro just tell about page already
You probably found the page already… just enumerate it.
Very easy box which is pretty realistic imo.
Hint for user: credential stuffing
Hint for root: pspy
did pspy but still no luck, i know how to do it but could not get which service to
The only interesting thing that pspy reveals is a cron, but the files it creates, are unpredictable (AFAIK), & they out of my permissions range. The box is so stripped down, I find myself using busy*** for basic enums.
Very easy box which is pretty realistic imo.
Hint for user: credential stuffing
Hint for root: pspy
did pspy but still no luck, i know how to do it but could not get which service to
The only interesting thing that pspy reveals is a cron, but the files it creates, are unpredictable (AFAIK), & they out of my permissions range. The box is so stripped down, I find myself using busy*** for basic enums.
well i know one which i can use, thanks to pspy but trying to figure out how to is my question now. Any articles would be appreciated