Falafel

SPOILER

“Hacking Attempt Detected”

Hmm, is that the right kind of the right path?

@kusk said:
“Hacking Attempt Detected”

Hmm, is that the right kind of the right path?

I found it also, but nothing more.

Is there someone who can help me with the Falafel machine or give me some hints?

Any hint, guys, after a successful login? That ext drives me crazy!!

I’ll never eat another one. LOL

“Hacking Attempt Detected”

Stuck here. Any hint plz?

priv esc’d to Spoiler Removed - Arrexel but can’t see any priv vectors to get the root flag, everything looks bare. Any hints would be great!

Hello,

I’m trying to figure out the way in. I’m throwing dirbuster against the webserver, but I didn’t find anything interesting with the normal dictionaries. I also tried bruteforcing the login page, and I found two usernames, but it seems impossible to get the password.

I have been trying harder for a couple of days. Apart from that, any hints out there? :slight_smile:

Never mind, I managed to get into the panel. I can keep on working now, thanks :slight_smile:

I’m stuck trying to figure out how to get into the panel still

Also got in, dumb mistake on my part

@LouissTNT said:
Any hint, guys, after a successful login? That ext drives me crazy!!

Any progress mate? Really frustrating this one :frowning:

nvm… got it… privesc here we go

Haven’t found any way through the login yet. I think the guessing game is an extremely boring form of “hacking”, dirbuster or manual. Which is a shame because this machine is most likely otherwise an interesting one.

@lokori said:
Haven’t found any way through the login yet. I think the guessing game is an extremely boring form of “hacking”, dirbuster or manual. Which is a shame because this machine is most likely otherwise an interesting one.

Every step in this machine is so well thought of.
Is there a way you can think of to check places the website doesn’t want you to?
Have you enumerated it enough?

Have enumerated quite a lot with different wordlists. Found one “hot tip” but that’s pretty much it and perhaps there is nothing more to be found. There are some “issues” in the login implementation, but so far it has resisted my feeble hacking skills :slight_smile:

Of course I tried guessing different things, but that didn’t lead anywhere.

I’m interested in this machine because nobody has given it thumbs down, which clearly suggests that this is a nice one.

Hey guys, I am stuck at the login page. I have tried different methods, but I am still coming up short. Any tip or hint on how to approach the login page?

I finally got the user flag after a lot of “Try Harder”. Probably couldn’t have done it, but I got one invaluable tip about a thing I had never heard of. This machine rules :+1:

I’m a bit stuck on the upload feature. I’ve been working on it for like 3 days and I can’t seem to figure out how to get around the URL filtering. I’ve tried null characters, double URL encoding, illegal Unicode, etc… Is there a resource that anyone could point me to that could help me continue to move forward?