ForwardSlash

Type your comment> @lebutter said:

I have never noticed but looping through each line of rockyou in Python gives me issues, i have to ignore several entries, it cannot properly decode some lines…

Force conversion to UTF8 and it should work !

Yeah! I Liked this new e********* t*** a lot! It was as cute as it could be!
Now I can finally do mental math in Hexadecimal.
Thank you @InfoSecJack and @chivato for this amazing learning experience.

i dont know where else to look, i got some creds in c*****.**p file, i would appreciate some help, smh

This box was a struggle from start to finish for some reason - my brain took a vacation. But with some patient no-spoiler help I got there and went back to figure out why it was difficult. Learned some good lessons, or rather re-learned them. Glad that one is over with.

Hey guys, any nudge with the X** API T**** ? Unable to change my picture… Cant get through the 403…

rooted! I’ve learnt many things with this box!

For user:

  • When ready to exploit the interesting binary, remove any traces.

I spent several hours wondering why I didn’t see my expected output…

have been on the discovery part for hours but cant find any directories.am i missing out anything like vhost (i’m already at forwardslash.htb)

a nudge would be helpful

@hawksvision said:
i missing out anything like vhost (i’m already at forwardslash.htb)

a nudge would be helpful

Have you explored that path?

Type your comment> @nicoswd said:

@hawksvision said:
i missing out anything like vhost (i’m already at forwardslash.htb)

a nudge would be helpful

Have you explored that path?

@nicoswd said:

@hawksvision said:
i missing out anything like vhost (i’m already at forwardslash.htb)

a nudge would be helpful

Have you explored that path?

do you mean vhost bro

Type your comment> @hawksvision said:

Type your comment> @nicoswd said:

@hawksvision said:
i missing out anything like vhost (i’m already at forwardslash.htb)

a nudge would be helpful

Have you explored that path?

@nicoswd said:

@hawksvision said:
i missing out anything like vhost (i’m already at forwardslash.htb)

a nudge would be helpful

Have you explored that path?

do you mean vhost bro

thank you bro

Spoiler Removed

Type your comment> @hasky said:

need help,

i found LFI and get get c*****.php mysql password of www-data and get a**.php but i don’t know how to use that password…

should i get more file from server or enumerate further…
it is my first hard machine…

thanks

edit: rooted :slight_smile: thanks for helping me @zard and others for nudge PM

stuck at the same point got a little further and can get the x*l submit page but dont know how to get through this

I think I’m just a little bit behind @hawksvision and @hasky re: the intial foothold…

I’ve found the site where it’s possible to force a file upload, but any PHP code that I upload there never runs. It prints HTML fine, but completely ignores any PHP.

How do I force my uploaded PHP code to be run properly please ??

EDIT: Thanks everyone, got SSH access now. Battling with the next stage now…

Hello everyone, I can S** into the machine as c***, now I am figuring a way switch to another user. I noticed the b***** file but it doesn’t work as I expected.

Any nudge? PM me pls.


rooted. thanks marlasthemage


PM me if you need help.

Finally rooted, pfiouh !

MP me if you need some help :slight_smile:

Hello I’m stuck trying to use the LFI… I would appreciate if anyone can private message me and point me where I can read about typical paths and and files I should enumerate.

thanks in advance!

Edited: I was enumerating the correct files but not in the correct way :smile:

For those stuck in the LFI, check the obvious files but note that filters have to be applied to get to the source of the problem.

Could somebody please help me out with the user1 > user2 code… I’ve been trying to brute-force it for 2 days now, beginning to worry that I’ll burn out my CPU!!

Happy to provide details of what I’ve been trying, just don’t want to put spoilers here. (Not that anything I’ve been doing is likely to be a spoiler… because it doesn’t work!!)

@lightfu said:
Could somebody please help me out with the user1 > user2 code… I’ve been trying to brute-force it for 2 days now, beginning to worry that I’ll burn out my CPU!!

Happy to provide details of what I’ve been trying, just don’t want to put spoilers here. (Not that anything I’ve been doing is likely to be a spoiler… because it doesn’t work!!)

Send me your code if you want. I bet you’re much closer than you think

Type your comment> @juanpablito said:

Type your comment> @lebutter said:

I have never noticed but looping through each line of rockyou in Python gives me issues, i have to ignore several entries, it cannot properly decode some lines…

Force conversion to UTF8 and it should work !

I still haven’t figured out how to force this in Python (ignore, yes). I also can’t get the BF to work. Please PM if you can help.

EDIT: figured it out. PM for hints.