FluxCapacitor :@

Rooted. Shell and all. Fun box overall, but very finicky.

I’m having trouble finding the parameter. Can someone give a nudge on how to go about finding it?

@R0b1n said:
I’m having trouble finding the parameter. Can someone give a nudge on how to go about finding it?

Read the above comments in this topic. You will get some idea. Fuzzing with wfuzz worked for me.

Can someone DM me? I want to discuss this box

@starry said:

@R0b1n said:
I’m having trouble finding the parameter. Can someone give a nudge on how to go about finding it?

Read the above comments in this topic. You will get some idea. Fuzzing with wfuzz worked for me.

I get that you are supposed to use wfuzz to fuzz for parameters, but I cannot get any result. Is it a problem with the wordlist or am I going about it the wrong way?

I have the same problem. Got 403 permission denied. Found what creates the 403 code. Tried to change and encode it. I’m not sure what the problem is. I read all the tutorials. And tried different bypass methods. But it still does not work.

@R0b1n said:

@starry said:

@R0b1n said:
I’m having trouble finding the parameter. Can someone give a nudge on how to go about finding it?

Read the above comments in this topic. You will get some idea. Fuzzing with wfuzz worked for me.

I get that you are supposed to use wfuzz to fuzz for parameters, but I cannot get any result. Is it a problem with the wordlist or am I going about it the wrong way?

I would say when you fuzz this:

- "Any decent medium/large wordlist will probably work. The key is knowing how to arrange your testing so that you can differentiate between normal activity and any filtering that occurs when the appropriate parameter is sent." according to quadzer0’s hints.

- What character could get you the error in blind injection after your searching param? Use it when you run wfuzz to fuzz the param out. And read all output carefully to notice what’s different, for instance: “word” “Chars”.

- According to what someone said on an earlier page of this topic, “Beware of certain HTTP clients in your attempts! Some HTTP clients do not respect your wishes”, which means the WAF could block some browser user-agents as well.

Rooted … pheww

Can someone who has found the param DM me? I have tried multiple wordlists and have got nothing.

Finally got in and got root. This is by far the worst box I have encountered on this site. Down voted.

Finally got root as well and wondering what was more devastating - taking user or root. Somebody wrote here about taking root without having an interactive shell. Still not sure if this is possible. I did it with a shell.

Can someone give me the wfuzz format needed to fuzz the url?
I’ve tried countless times but won’t get any usable outcome.

I’m not sure if I got the correct parameter, but using that and putting some command on it gives me 403, but when using globbing I got a 200 response but no output from the command. Any advice? Thanks

nevermind

Can anyone PM me? I am pretty sure I understand how this works and I found the right parameter but when I get a command that is not forbidden, I only get the stamp back.
Not getting anything back from the server, just timestamp or 403 filtered request. So how would someone proceed?

Please PM, it seems that I tried every technique but I still can’t get a good response. Any nudges?

Same boat here, plus fuzzing is time consuming in this case. Any help really appreciated!

I feel I fumbled my way through a lot of the start of this one, so take my advice with a grain of salt.

If you see the timestamp, you have the right parameter, now you just need a value… just repeat what you’ve done until now for it, look for any changes and commonality in what caused them.
When I figured out the first bit I did the second bit manually as I couldn’t find a magic wordlist or parameter that did it all for me, it’s very obvious if you just add the right thing.

Got root. Very challenging box.

Anyone who can PM me a hint for where to find the parameter? Or a good fuzzing tutorial that teaches me how to find it? :slight_smile:

I’ve read the posts by the creator, didn’t really ring a bell.