I have managed to use the 2 files to execute a command, but I cannot inject anything extra?? I have tried numerous things from OWASP, etc. I am unsure as to how I can gain access. If anyone can PM me some good places to read up I would be most grateful.
So… I have found how the two documents go together, and can execute a java alert, but no idea how to do LFI. Please, any help on this would be great.
Got User flag! Love it
any hints on root? i am just stuck at the last phase i think
@h4x3r said:
any hints on root? i am just stuck at the last phase i think
I'm in the same boat. I've run LinEnum.sh and nothing sticks out. Can someone help us out?
@Raphaeangelo said:
@h4x3r said:
any hints on root? i am just stuck at the last phase i think
I'm in the same boat. I've run LinEnum.sh and nothing sticks out. Can someone help us out?
well i got 2 passwords from database. but both aren't working for root.
Right I got user! Man I suck at Web Apps lol. Trying to suss how to get RCE now.
I'm in the same boat, stuck doing priv esc tried enumerating loads of times, must be missing something.
Currently using Burp to do some enumeration.
I cannot find a way to get RCE I have found lots of files but nothing of any use.
I'm a dumbass!!! I was typing the wrong username in!!! I now have a shell lol
Anyone got root?!? I've been pulling my hair out for the last few days.
I know the feeling, in the same place
Any hints on root? I've been stuck for a few days now.
Been dirbing for days need a nudge.
any chance to get a direction?
found the 2 files, but can not find the connection…
i am missing something for sure, maybe overthinking it…
deanos: as already stated in this thread look at OWASP Top 10 and put both files in conjunction
PM me for additional help if you need
@deanos said:
any chance to get a direction?
found the 2 files, but can not find the connection…
i am missing something for sure, maybe overthinking it…
Burp is your friend here. Pay close attention to the headers. Burp even gives you a hint by adding an extra tab besides the Raw, Param, etc…
Hello everyone,
Very frustrating. It's been a few days that I've been messing with this box. Getting user.txt was relatively quick, but I only had it through LFI, and not because I actually owned user. Tried a bunch of scripts, tried messing with some logs, tried enumerating manually with whatever makes sense, and I actually did find another webpage that the enumeration didn't find.
Still have no f'in clue how to get shell.
Please halp
So you got user.txt by LFI so what else can you see?