Hello, I’ve been stuck with the w****** page for so long, checked if there is lfi in p***. found what’s running without wappalyzer, the probleme is I do not know the version, so I do not know what exploit to use. any hint will be appreciated as I am sure I am in the right path.
Edit: found the exploit and did the rest, gonna look for the user flag now.
thanks for the hint deviate, sm0n6
My hint would be it’s a fresh new box. peoplz hinted the exploit on how it’s user friendly… for the cracking you’ll be able to do it if you got the creds at the first place (did you even read the exploit …)
Hello, I’ve been stuck with the w****** page for so long, checked if there is lfi in p***. found what’s running without wappalyzer, the probleme is I do not know the version, so I do not know what exploit to use. any hint will be appreciated as I am sure I am in the right path.
If you found it without wappalyzer then maybe if look closer you can rule out certain CVEs
Root is tricky to find if others are not on the box IMO. Use the tool already mentioned to monitor processes, but generate traffic to the box while this is running using the VERY last step needed to get user. Observe the process, and consider how to leverage.
please, let me know if there is any script or command which can be used to see which dir are user writeable, I am using find command but it is not giving me much.
please, let me know if there is any script or command which can be used to see which dir are user writeable, I am using find command but it is not giving me much.
No matter where I adjust T**E on the script either when executing the script or in the scripts source, it still just wants to zoom its way through and hit me with the ddos protection… Im either noobing this right now or its executing wrong. Any suggestions on possibly how to fix it or set the delay?
Any idea how to crack the hash, using the default script it is taking ■■■■ lot of time and every time I am running the exploit it is giving me a new hash and salt each time.
I’ve been getting the same result after running the script against /wp/ with the ck option, but the creds don’t work on /w**p/a****. I’ve slowed the time element of the script. Any nudges?
edit: got user. Sometimes when a service seems beat it’s good to move on to another one.
edit: got root. That was a fun one. Thanks for the box @jkr
please, let me know if there is any script or command which can be used to see which dir are user writeable, I am using find command but it is not giving me much.