Aragog

@Malkinowns71 said:

@GingerHackz said:

@fhlipZero said:
scratch that - very much learned a thing

You have an article or something that you could share so I can learn this thing? I'm stuck at the same exact spot and no amount of fuzzing I can think of is working. But I'm also not versed in XXX so I'm most likely missing something simple.

If you got the 2 files, then you should check out OWASP TOP 10; that really helped me get it.

I knew it was something simple - that helped a lot. I got user with it, now I'm just trying to actually get my shell spawned. Thank you

Anyone got a hint for privilege escalation? Got shell already but absolutely not a single clue how to proceed.

@soepstengel97 said:
Anyone got a hint for privilege escalation? Got shell already but absolutely not a single clue how to proceed.

Enumeration, man. I know we all hate hearing that, but that helped me out. Once you've got shell, just enumerate and find something out of the ordinary?

I’m completely lost. I have both of the files but I don’t see what that has to do with anything. I understand the two files' relationship to one another, but what do I do with that info? I’m out of ideas. Any help would be greatly appreciated. Thanks!

I was able to figure out how to read files from the server, but I can’t get any sort of RCE or relevant file for getting a shell. Any advice?

I was able to get a login for a database from a specific file, am I going down a rabbit hole with this? Something about a secure-file-priv option keeps me from using an exploit.

@sheeets said:
I was able to figure out how to read files from the server, but I can’t get any sort of RCE or relevant file for getting a shell. Any advice?

If you have LFI then your next best bet is to enumerate users. Also look at your original nmap scan and notice what services are running that you can use that LFI with to possibly get access.

@sheeets said:
I was able to get a login for a database from a specific file, am I going down a rabbit hole with this? Something about a secure-file-priv option keeps me from using an exploit.

You are on the right track, just think how you can get the creds out of that application :wink:

@sheeets said:
I was able to figure out how to read files from the server, but I can’t get any sort of RCE or relevant file for getting a shell. Any advice?

Look at your nmap scan: what services are running and how they work, then use the LFI :wink:

@soepstengel97 said:
Anyone got a hint for privilege escalation? Got shell already but absolutely not a single clue how to proceed.

Enumerate: run LinEnum.sh and you will get some idea.

Guys, can someone give me a little nudge about what to do with the two files?

Edit: Got it :slight_smile:

I need help! I got the two files as well, but have no clue where to start. I read through the top ten, but not really anything stands out, besides one thing, but not sure. PLEASE HELP.

I have managed to use the 2 files to execute a command, but I cannot inject anything extra?? I have tried numerous things from OWASP, etc. I am unsure as to how I can gain access. If anyone can PM me some good places to read up I would be most grateful.

So… I have found how the two documents go together, and can execute a java alert, but no idea how to do LFI. Please, any help on this would be great.

Got User flag! Love it

Any hints on root? I am just stuck at the last phase, I think :frowning:

@h4x3r said:
Any hints on root? I am just stuck at the last phase, I think :frowning:

I’m in the same boat. I’ve run LinEnum.sh and nothing sticks out. Can someone help us out?

@Raphaeangelo said:

@h4x3r said:
Any hints on root? I am just stuck at the last phase, I think :frowning:

I’m in the same boat. I’ve run LinEnum.sh and nothing sticks out. Can someone help us out?

Well, I got 2 passwords from the database, but both aren’t working for root.

Right I got user! Man I suck at Web Apps lol. Trying to suss how to get RCE now.

I’m in the same boat, stuck doing priv esc. Tried enumerating loads of times, must be missing something.