Hello guys
Just started haystack.
Could you tell me if the needle.img is connected with steganography? Do I need to use steganography tools to obtain some information from this picture?
I found the p…: s******.i*.k** but it doesn’t seem to work anywhere, I ve tried some default users front door, didn’t seem to work, is it a rabbit hole or am I overthinking it? Hint pls x)
EDIT: Okey that was stupid from me, when you find the p… don’t be excited and forget to see what else is there
thanks @penturmeade for the Hint: “if you found the password, the user is very close by”
I’m having trouble performing privesc from the user account. I’m trying to run a js file uploaded to the machine using the LFI vuln. The response i get back from sending the GET request with CURL is a 400 Bad request. apis paramerer is required. My query however does include a apis value. Did anyone else experience this?
Those who are stuck at going banana, you need to look at a certain config file and see why the *F* exploit you are using is not working (it can only be ran from a certain place, you already have the tool on the machine to do it)