Multimaster

Don’t let it master you!

And here I was hoping for a break after Oouch…

What could possibly go wrong? :smiley:

6 minutes left to launch!

Is my connection misbehaving, or is there some sort of WAF/rate-limiting control in front of that web portal?

@init5 said:
Is my connection misbehaving, or is there some sort of WAF/rate-limiting control in front of that web portal?

Probably rate-limiting. Had the same after too many quick requests.

So far, I’ve found several valid users and the IPv6 address of the host (two, tbh, but one is pointing to another machine).
Trying to move forward, but there is nothing to play with except bruteforcing, and I am trying to avoid that.

Anyone else in the same situation?!

@D8ll0 said:
So far, I’ve found several valid users and the IPv6 address of the host (two, tbh, but one is pointing to another machine).
Trying to move forward, but there is nothing to play with except bruteforcing, and I am trying to avoid that.

Anyone else in the same situation?!

Trying to do the same with Intruder; the rate-limiting thing is annoying as ■■■■.

EDIT: Apparently slowing things down is key, I found a user.

All I’ve got so far is a list of users, but no passwords for any of them yet. Haven’t had any issues with rate limiting yet, but I’ve been doing it all pretty slowly.

How are you guys rate-limiting your dirsearch/gobuster/…? Also, Metasploit is telling me I found 16 valid users, which I am pretty sure is wrong. Anyone want to give me a hint on how they are verifying the users are real?

Same here, got some valid users, but that’s all so far…

Validated users and dumped a hash. Onward! :slight_smile:

Edit: Passwords obtained!

@farbs said:
Validated users and dumped a hash. Onward! :slight_smile:

Hints?

@init5 said:

@farbs said:
Validated users and dumped a hash. Onward! :slight_smile:

Hints?

Figure out how to properly bypass the WAF :slight_smile:

After 5 hours, all I have is pretty low-priv injection. So many attack points, but everything closed.

I only have a bunch of users, with which no brute forcing works, and I am still trying to poke around the #$#!@ WAF.

@farbs said:

@init5 said:

@farbs said:
Validated users and dumped a hash. Onward! :slight_smile:

Hints?

Figure out how to properly bypass the WAF :slight_smile:

This is a useful hint.
It worked for me.

@D8ll0 said:

@farbs said:

@init5 said:

@farbs said:
Validated users and dumped a hash. Onward! :slight_smile:

Hints?

Figure out how to properly bypass the WAF :slight_smile:

This is a useful hint.
It worked for me.

This worked for me too. Bypassing the WAF got me to the next phase of exploitation.

There is a really easy way to get a list of 17 users on the web front end using one request and Intruder.

Spoiler Removed