@altoarun said:
Hi everyone, I’m having a hard time trying to bypass the ‘try harder’ filter. Already read a lot about LFI/RFI but can’t find a way in. Can someone send a tip?
You don’t need to look outside the box… check carefully what you got from enumeration.
So I got a limited shell and found certain interesting files to be archived. Cracked one password from there but it doesn’t seem to work with the local user of the same name. Found the “internal” thingy but the credentials don’t work with it either.
I got user/pass from the place where the tetris game is, but can’t seem to find a way to create the initial shell. The only thing I can think of that I haven’t dealt with yet is the “try harder” filter. Should I try to bypass it or is there another way to go further?
@clt said:
I got user/pass from the place where the tetris game is, but can’t seem to find a way to create the initial shell. The only thing I can think of that I haven’t dealt with yet is the “try harder” filter. Should I try to bypass it or is there another way to go further?
Also stuck on getting root for this box. I think I’m on the right track, but not sure how to use the .log file information. Can someone message me to confirm if my hunch is correct?
Any nudge on the privesc to root? I’m pretty sure that the root flag is inside the machine in the L**, as the logfile states the IP of it. I found the “lady” archiver, but all the necessary binaries are removed. I checked all (I hope) the internal running services, but nothing. So I’d like to get a little nudge, thanks!
Having some hangups on this one. Found the private browser and the thing admins would want to see, but I’m clearly missing something. Any nudges would be appreciated.
Can anyone help? I’ve found the correct credentials but they aren’t being accepted. I don’t know if it’s a problem with the box or me. I’ve checked via writeups, so I know they’re correct but the vulnerable application keeps on prompting me.