I’m having trouble copying the files from the remote box to my machine. scp keeps giving me connection refused. Should I just copy and paste? That doesn’t seem right.
just started this box and already annoyed with finding the directory. have ran it through dirbuster, wfuzz, ffuf etc without results. Can someone shoot me a nudge?
Edit - Once again, i was so close and just missed a stupid part. Thanks for the help everyone. Time to pull my hair out next looking for user.
I’m having trouble copying the files from the remote box to my machine. scp keeps giving me connection refused. Should I just copy and paste? That doesn’t seem right.
if you want to just copy/paste it, encode it into base64 first
I’m pretty confident about my ffuf syntax but i’m obviously missing something, could someone PM me? No fuzzer gives me any result. I want to move on already!
Having trouble finding the .py file. Tried using dirbuser, dirb, wfuzz, ffuf, with almost every wordlist. Not sure what I am doing wrong. Can someone PM me, I would greatly appreciate it.
rooted!
Nice box, force us not only to read an understand source code, also offers a good exercise analyzing it looking for vulnerable code and how to exploit it.
So this being my first box - quite enjoying it so far. However, got as far as the py code and know where the vuln is… just have no clue how to go about it! Any nudges are welcome
Rooted finally! Had a lot of fun with this one.
As others have mentioned, I found user to be much harder than root.
Some tips:
Foothold: How can you get somewhere else from where you are? Read the code carefully and understand what it’s doing. How can you make sure the server handles your request the way you intend it to?
User: Again, read the code. This is a common equation. Basic algebra helps here, write it out.
Root: Code will tell you everything, time is of the essence. What inputs do you have control over? Focus on that.