Aragog

I have managed to use the 2 files to execute a command, but I cannot inject anything extra?? I have tried numerous things from OWASP, etc. I am unsure as to how I can gain access. If anyone can PM me some good places to read up I would be most grateful.

So… I have found how the two documents go together, and can execute a java alert, but no idea how to do LFI. Please, any help on this would be great.

Got User flag! Love it

any hints on root? I am just stuck at the last phase I think :frowning:

@h4x3r said:
any hints on root? I am just stuck at the last phase I think :frowning:

I'm in the same boat. I've run LinEnum.sh and nothing sticks out. Can someone help us out?

@Raphaeangelo said:

@h4x3r said:
any hints on root? I am just stuck at the last phase I think :frowning:

I'm in the same boat. I've run LinEnum.sh and nothing sticks out. Can someone help us out?

Well, I got 2 passwords from the database, but both aren't working for root.

Right I got user! Man I suck at Web Apps lol. Trying to suss how to get RCE now.

I'm in the same boat, stuck doing priv esc. Tried enumerating loads of times; must be missing something.

Currently using Burp to do some enumeration.

I cannot find a way to get RCE :frowning: I have found lots of files but nothing of any use.

I'm a dumbass!!! I was typing the wrong username in!!! I now have a shell lol

Anyone got root?!? I've been pulling my hair out for the last few days.

I know the feeling, in the same place :expressionless:

Any hints on root? I've been stuck for a few days now.

Been dirbing for days, need a nudge.

Any chance to get a direction?
Found the 2 files, but cannot find the connection…
I am missing something for sure, maybe overthinking it…

deanos: as already stated in this thread, look at the OWASP Top 10 and put both files in conjunction.

PM me for additional help if you need

@deanos said:
Any chance to get a direction?
Found the 2 files, but cannot find the connection…
I am missing something for sure, maybe overthinking it…

Burp is your friend here. Pay close attention to the headers. Burp even gives you a hint by adding an extra tab beside the Raw, Param, etc…

Hello everyone,

Very frustrating :frowning: . It's been a few days that I've been messing with this box. Getting user.txt was relatively quick, but I only had it through LFI, and not because I actually owned user. Tried a bunch of scripts, tried messing with some logs, tried enumerating manually with whatever makes sense, and I actually did find another webpage that the enumeration didn't find.

Still have no f'in clue how to get shell.

Please halp

So you got user.txt by LFI, so what else can you see?