Does this “error” suppose to take u somewhere or just bad file format?
dirb is outputting a lot of things! could be rabbit hole or not!
Type your comment> @vu1ns0c said:
Does this “error” suppose to take u somewhere or just bad file format?
Also getting a JVM error, could be a rabbit hole…
docx2pdf? I think some Win thingy is taking place. Solar
This box is a very chonky boy.
![So-very-slow](upload://3uX260agX7LHnFqC2DsnThmedIh.gif "old-tech-was-used-on-this-box-i-think.It-should-be-fun!")
The first vuln seems almost too obvious, but I can’t come up with a working proof in spite of all I’ve read about related exploits. Feels like I’ve read too much in one sitting and lost focus.
Does anyone have a lead on some good study material?
@t4nt said:
The first vuln seems almost too obvious, but I can’t come up with a working proof in spite of all I’ve read about related exploits. Feels like I’ve read too much in one sitting and lost focus.
Does anyone have a lead on some good study material?
I am in an identical position I think. I’ve tried a few things which I thought would work but so far, nothing.
It’s a bit frustrating because I can’t tell if it is my own incompetence or if the approach is wrong
Still, onwards and upwards, once more unto the breach (etc).
3 hours and no blood. Somethings going on here
Tough box.
I am assuming there should be a vulnerability with the upload feature. Am I right? or nobody knows yet?
@TheNerd said:
I am assuming there should be a vulnerability with the upload feature. Am I right? or nobody knows yet?
I suspect, “no one knows yet” is the correct answer.
This box seems crazy hard so far. Nearly 6 hours and one blood. Barely found anything myself
I am suspecting the way to this box is through the upload function and I think it’s vulnerable to XXE.
Some errors I got mentioned there is an issue with libreoffice, but I am not sure if this is the way to the box.
Type your comment> @D8ll0 said:
I am suspecting the way to this box is through the upload function and I think it’s vulnerable to XXE.
Some errors I got mentioned there is an issue with libreoffice, but I am not sure if this is the way to the box.
These are my thoughts too. Perhaps mimicking the service locally will be beneficial…?
looks like ssrf in upload
I found a technique on mitre website that has to do with Microsoft’s Open Office XML.
maybe
Found a way to force patent to download something from my webserver. Now it’s about exploiting it
There is a php version of the visible html page. I think it is the way in considering the comments in it.
6 users till now ? lol im gonna skip dis