Is some form of brute forcing needed to identify the t---- paths on that port it is on? That does not feel like the right approach. Or have I failed to discover something in recon elsewhere?
Always happens. Once I finally “give in” to ask a question, I figure something out.
If you have done the first general scans, creds do not require brute force. I’m thinking of the next step.
I went back in my notes and noticed a few overlooked clues in recon. Tried them and found a way to get creds. Those do not work on the obvious page one would try them on.
I’m in the same situation. I’ve gotten all the credentials, but once I find a set that works, OTP is killing me. I’ve been going back over my recon and looking for something I missed or places to try more recon, but so far I’ve got nothing.
Found 8***, tried different injections on the forms, tried running a dict against the tp stuff (POST and GET, no joy on either). Played around with the sessid stuff, but that didn’t go anywhere. S**-S****S throwing a 403 looks interesting, but I’m not sure how to get into it. Hunted through all the source of both sites and didn’t find anything juicy. I feel like I’m missing some really simple stuff.
Anyone have any pointers or ideas? I’m not thinking outside the tesseract, I guess.
Did you look at a raw response from 8****?
I’m in the same shoe, maybe I’m querying the 8*** wrong, but it is just an error that there is no path existing at the root. Must be missing something obvious, but all the enumeration steps I usually do don’t come back with anything.
Same spot. Nothing in the raw response stands out… maybe I am missing something or lacking a specific technique… but a nudge in the thread or a PM would be nice.
Rooted using unintended method. I’ll go back and do it legit in a couple of days, but until then here’s my hints for the foothold:
Find all running services, then read the docs
You might have found an interesting dir, try and find a file inside of it.
Once you have access, the first thing you get may not be right. Try a few times and you’ll spot a pattern.
To bypass the protections, go back to something that should have come up in enumeration. A bit of guessing will get you what you need.
Experiment and extract. You may find certain things which overcomplicate it, but it’s simpler than it looks (not much though).
This makes tons of sense. Now I just need to find the right things. Thanks man, you’re a rockstar of nudges.