Rooted thanks for all
USER :
_connect as admin in 80
_try to read what you normally aren’t allowed to
admin and standard user is your friend
ROOT :
_suspicious services are running
_CVE and little more
Feel Free to PM
Does anyone have any good reading material on how to exploit the upl***? I suspect it has something to do with .H. Des… with ph… files.
Rooted
Really liked the attack vectors for both user and root, definitely learned something here.
Little critique: I always had other people getting in my way, because everybody is trying to exploit exactly the same thing. I do understand that with the kind of vulnerabilities that are being taught here, this is hard to circumvent.
Thanks for creating this one @MrR3boot!
@mech said:
@MrR3boot is absolutely one of the best box creators on this platform.
I’ve still not got root but user was a fantastic learning experience. Lots of different functionality to test with lots of classic bugs re-imagined, combined or used in ways that you don’t usually think about them. Taught me to respect even the more humble bugs and to think outside the box a little bit.
Dreading figuring out how to root this but nonetheless great job!
Amazing box. @MrR3boot keep bringing boxes like this! Priv esc was really useful and I learned something new from it.
User was pretty easy, root took me longer than it should have, made a tiny mistake in my pay**** file.
Tips User; Typical methods like brute-forcing will not help you, try various account takeover methods. Pay attention to the char limit on the sign up form.
Root; Simple, do your research!
What might mess with you is the syntax, in that case feel free to PM me.
@CodingKoala said:
Rooted
Really liked the attack vectors for both user and root, definitely learned something here.
Little critique: I always had other people getting in my way, because everybody is trying to exploit exactly the same thing. I do understand that with the kind of vulnerabilities that are being taught here, this is hard to circumvent.
Thanks for creating this one @MrR3boot!
Agreed, my fav box creator on this site. All of his boxes actually make you think out of the box. I feel the other boxes, although different, get repetitive, because you use the same typical methods like brute-forcing to get access to a panel or finding creds with anon ftp login. This box really tests you.
@bertalting said:
Why not create your own one instead of guessing?
I think I know where, it seems both forms are together one over the other, but haven’t figured out how to make it take my new creds.
Unless it’s the unpriv one and then I change its role?
Seems I keep having issues with login forms, need to get better at this.
@gu4r15m0 said:
@bertalting said:
Why not create your own one instead of guessing?
I think I know where, it seems both forms are together one over the other, but haven’t figured out how to make it take my new creds.
Unless it’s the unpriv one and then I change its role?
Seems I keep having issues with login forms, need to get better at this.
Try not to overthink this stage.
It is very difficult to explain without spoilers but at a very high level, look at ways you can use the signup page to manipulate the database into thinking something important has changed.
BTW, there’s a good blog I found that helped me a lot in the last step for user, just if you know what you are searching for.
Also, for people getting invalid format for the key, decrease the font and it will work.
@N7E said:
@CodingKoala said:
Rooted
Really liked the attack vectors for both user and root, definitely learned something here.
Little critique: I always had other people getting in my way, because everybody is trying to exploit exactly the same thing. I do understand that with the kind of vulnerabilities that are being taught here, this is hard to circumvent.
Thanks for creating this one @MrR3boot!
Agreed, my fav box creator on this site. All of his boxes actually make you think out of the box. I feel the other boxes, although different, get repetitive, because you use the same typical methods like brute-forcing to get access to a panel or finding creds with anon ftp login. This box really tests you.
sadly taking some break. See you all soon
Working on root now. I’ve been bashing my head with lr***. Is this even the right way to go? If yes, then a little help would be appreciated. Just PM me for a nudge. Thanks.
I’m working on root and I’m stuck on waiting for rot**. A little help about how to trigger it would be appreciated. Just PM me for a nudge. Thanks.
#Edit : Got it and rooted
Could someone help me with the admin panel? I want hints, not answers.
Thanks
Any hints for user? I’m so frustrated, can’t get anything.