Official Intense Discussion

nothing is really useful so far my man lol, just decided to remove it all just incase

the path however means something i think

Type your comment> @JMFL said:

nothing is really useful so far my man lol, just decided to remove it all just incase

the path however means something i think

maybe…

Someone who didnt use the leaked the py script want to chime in with a hint?

http://10.10.10.195/static/lib/bootstrap/js/bootstrap.min.js

.

Can someone give me a nudge on the foothold of this machine? So far, I have found that a port 161 is closed but maybe we can access it and also admin directory is forbidden so no idea how to access that. It would be great if someone can assist me.

Also, i am working on the message submit part and the port 161 part

Is the message a rabbithole? I can make valid requests but cant extract data since i havent found a way to delay time. Also tried to bypass the filter with fuzzing the bad words with every unicode char.

@testmeister Not sure, that is where I’m stuck now, the problem is that any valid query just returns a 200 OK.

Hi I would like a nudge, I found the S*** on S***** M******.
all my attempts that are syntatically correct render OK.
I tried the usual, any help would be appreciated!
I tried to do a S**I as well on that same page, no result {{ crying :slight_smile: }}

Does anyone know what we can do with this?

/submit?setoption=q&option=allowed_ips&value=255.255.255.255

nikto scan produced this for me

An early form of the chunked transfer encoding was proposed in 1994.[1] Chunked transfer encoding is not supported in HTTP/2, which provides its own mechanisms for data streaming. has anyone messed with this format?

Working on root. Dissatisfied by my current lack of a shell. Anyone willing to do a sanity check for my current thought process? Thanks.

Type your comment> @sparkla said:

Type your comment> @JMFL said:

Does anyone know what we can do with this?

/submit?setoption=q&option=allowed_ips&value=255.255.255.255

Were does this actually come from? One of the first things someone sent me without any explanation.

+1 you cant use something you dont know how it work or from where is come from

OSVDB-3126: /submit?setoption=q&option=allowed_ips&value=255.255.255.255: MLdonkey 2.x allows administrative interface access to be access from any IP. This is typically only found on port 4080.

false positive

oooofffff i got something

So, I can read user flag but can’t get a proper shell. I Appreciate any hints on that

can anyone pm a hint me? im stuck at the R*E part