Multimaster

@D8ll0 said:
So far, I’ve found several valid users and the IPv6 of the host (two tbh, but one is pointing to another machine).
Trying to move forward, but nothing to play with except bruteforcing but I am trying to avoid that.

Anyone is the same!!

Trying to do the same with Intruder, the rate limiting thing is annoying as ■■■■

EDIT: Apparently slowing things down is key, I found a user.

All I’ve got so far is a list of users, but no passwords for any of them yet. Haven’t had any issues with rate limiting yet, but I’ve been doing it all pretty slow.

How are you guys rate-limiting your dirsearch/gobuster/…? And Metasploit is telling me I found 16 valid users, which I am pretty sure is wrong. Anyone want to give me a hint on how they are verifying the users are real?

Same here, got some valid users, but that’s all so far…

Validated users and dumped a hash. Onward! :slight_smile:

Edit: Passwords obtained!

@farbs said:
Validated users and dumped a hash. Onward! :slight_smile:

Hints?

@init5 said:

@farbs said:
Validated users and dumped a hash. Onward! :slight_smile:

Hints?

Figure out how to properly bypass the WAF :slight_smile:

After 5 hours, all I have is a pretty low-priv injection. So many attack points, but everything closed.

I only have a bunch of users, with which no brute forcing works, and still trying to poke around the #$#!@ WAF

@farbs said:

@init5 said:

@farbs said:
Validated users and dumped a hash. Onward! :slight_smile:

Hints?

Figure out how to properly bypass the WAF :slight_smile:

This is a useful hint.
It worked for me.

@D8ll0 said:

@farbs said:

@init5 said:

@farbs said:
Validated users and dumped a hash. Onward! :slight_smile:

Hints?

Figure out how to properly bypass the WAF :slight_smile:

This is a useful hint.
It worked for me.

This worked for me too. Bypassing the WAF got me to the next phase of exploitation.

There is a really easy way to get a list of 17 users on the web front end using one request and Intruder.

Spoiler Removed

@farbs said:

@init5 said:

@farbs said:
Validated users and dumped a hash. Onward! :slight_smile:

Hints?

Figure out how to properly bypass the WAF :slight_smile:

I’d be interested to hear if you have any pointers on how you got the hashes

Spoiler Removed

wtf no blood till now

Anyone had any luck with the hashes yet?

I’ve tried cracking them with some public lists, some of my own and from scraping, and still nothing.

Users? You guys got users? :wink: Well, any hints to get those 17???

@nav1n said:

Users? You guys got users? :wink: Well, any hints to get those 17???

You need to find the part of the site to do with names then bypass the WAF by talking to it differently to normal.

Sorry if this seems confusing. I tried to be clearer above and it got marked a spoiler.

@GoldsteinNZ said:

@nav1n said:

Users? You guys got users? :wink: Well, any hints to get those 17???

You need to find the part of the site to do with names then bypass the WAF by talking to it differently to normal.

Sorry if this seems confusing. I tried to be clearer above and it got marked a spoiler.

Got it, thanks a lot :slight_smile: