Got root
Thanks @clubby789 for the box, so much fun!
Also learned some new things
still trying to find directory, can you give me a nudge please?
@lesleybw said:
Struggling with finding the directory…
Tried a lot of fuzzing tools including the praised ffuf without any luck
Need a bit of help, let me know if I can PM for a nudge
It’s really easy, guys. Probably you are rushing with wordlists and not thinking clearly. Step back a second and think about the syntax. You have the child and want to fuzz the parent…
yeah, i got the idea. but not the (working) tools.
found a directory and the file manually.
now figuring the next step
Can someone please give me a nudge on finding the secret directory for the py file. Tried brute forcing with dirb but it fails for some reason.
Thank you
Great box, slightly CTF-y though. Thank you @clubby789
Foothold: Rather than going with your traditional tools, I suggest finding the file manually. In the file, look for something that could get you in.
User: I felt this was pretty straightforward, enough hints here on the thread.
Root: Did it the unintended way first (because duh), but then later did it the intended way. It’s pretty easy, don’t go down rabbit holes.
Not really sure how to fuzz this, can someone send me a
@d3kum1d0r1y4 said:
Can someone please give me a nudge on finding the secret directory for the py file. Tried brute forcing with dirb but it fails for some reason.
Thank you
Same here, somehow I’m unable to fuzz this box. Can someone PM me a nudge?
Fuzzing the file dir was easy and straightforward.
But I have no idea what I can do with the .py. I have saved it on my local machine and run it but get errors.
And I have read the contents line by line but I could not determine anything juicy to get further.
Anyone who can point me in the right direction with the .py? Thx
I’m new in the hacking world and I have decided to try this machine, but I’m struggling to understand the py script or even run it. I’m not a Python person, my mistake it seems.
So I have found the directory and the py script and I need help to understand it, is anyone able to help me?
For those who struggle finding the dir, try playing around with the file you can access in the source code and understand why your tool (dirb, wfuzz or whatever) is not working
Found the hidden dir and file, ffuf is an awesome tool - will keep it in the reserves for future use… but that is where I am stumped. Looking for some resources to point me in the right direction for understanding what I’m reading in the code. Also, kind of stumped on how to recreate it locally for testing out a PoC before trying on the box. PMs welcome - thx
edit - thx @Sekisback for the nudge - to anyone reading this… don’t let yerself get too lost in the code… keep it simple and get involved with the requests you are sending to the box… maybe modify one of them and… that is the hint for foothold.