I’m so lost with privilege escalation… I got into the mysql database, found something that one user said, but still nothing. I don’t see what else I’m supposed to do here. Any tips would be greatly appreciated. PM if you like.
Hey guys, struggling with the privilege escalation for a couple of days, and looking for a lifeline. I’ve got a hash from the WP -> DB, and tried cracking it without success. I was looking around as one user for anything odd, and nothing is jumping out to me when running LinEnum.sh. Anyone available for a DM to help me get on the right path?
I found two potentially interesting files, and have been reading over the OWASP Top 10. Only found one thing that could potentially be it, but I’m not sure how I’d leverage it. Could someone PM me to discuss if I’m on the right track?
@owodelta said:
found the OWASP thing mentioned here, but have no idea on how to use it.
PM please
This is indeed a tricky one. When I got a nudge, everything became simple, till root. The key thing is how to submit the payload.
I figured out what happens with the content of the files (what happens if you submit it and what is returned),
but cannot get an idea how to move that a step forward.
I need that moment of enlightenment.
Look at what is displayed on the screen. Imagine how the application works and how output changes when you send input. It will quickly become clear how you need to format your payload.
I understood how the initial input is converted and displayed.
The part I am struggling with is how to change the functionality to something else (and if that is possible),
although I haven’t done a lot of testing on it yet…