anyone care to give me a nudge?
Am still in the user stage. Have however been able to log into jail.
Then exploited it which gives me ability to read files…
found some interesting things but it’s not showing me full content of the files.
not sure what I am looking for at this stage.
Cool machine so far. Long, very long way to user. But like many others deadly stuck at restricted environment… If someone’s got time, please, PM me, I need a little push to the solution.
Update: Rooted. Thanks @v01t4ic for help and @MrR3boot for an amazing box! Really worth spending time on.
@bu77er0verfl0w said:
Should I be using actual media files to test the upload page? Sending random text files with video file extensions doesn’t seem to lead anywhere…
Think about tools which are used to handle this type of data. And look at what you obtain using the tool. Google will lead to some vulnerability to go further.
@Shtrikh17 said:
Cool machine so far. Long, very long way to user. But like many others deadly stuck at restricted environment… If someone’s got time, please, PM me, I need a little push to the solution.
Update: Rooted. Thanks @v01t4ic for help and @MrR3boot for an amazing box! Really worth spending time on.
@v01t4ic said:
Finally rooted! Thanks this interesting box @MrR3boot!
Hints.
User: come back to the bug
Root: watch what is going on
Hey can anyone give me a nudge on how to find the ‘bak’ file? I’ve found all the vhosts but for the life of me I am getting nowhere in finding this file.
So I think I know the exploit to use but it requires creds… can someone chuck any hints to where these might be or let me know if I am on the wrong track?