Hint for TartarSauce!

Tried all obvious pwds, and the app intentionally sleeps for 10 sec when the pwd is wrong.
empty pwd 100ms
wrong pwd 10100ms

Hint: if you are on the login screen, username and passwd are both visible to you.
I got it in the first attempt, silliest passwd ever seen by me on HTB,
also the file upload is not working, nor can we create a user…
As said by sir @3mrgnc3, we have to enumerate more…!!!

@p5yph3r said:
Hint: if you are on the login screen, username and passwd are both visible to you.
I got it in the first attempt, silliest passwd ever seen by me on HTB,
also the file upload is not working, nor can we create a user…
As said by sir @3mrgnc3, we have to enumerate more…!!!

Sorry for being sarcastic, but what about user ID? Did you also “guess” it?
You are the luckiest person I know.

@p5yph3r said:
Hint: if you are on the login screen, username and passwd are both visible to you.
I got it in the first attempt, silliest passwd ever seen by me on HTB,

No they are not. At least not user ID.

Yeah, on HTB, I usually try the silliest passwds first, sometimes I get lucky, like this one…!!!
If you still haven't got the username, PM me.

Spoiler Removed - Arrexel

@bugzy said:
Spoiler Removed - Arrexel

I don’t think this is going to work… someone already said that you can’t upload files or plugins.

Spoiler Removed - Arrexel

@NinjaRockstar said:

@xdavkk said:

@bugzy said:
:smiley: when Monstra CMS RCE PoC uploaded 23 hr ago
https://www.exploit-db.com/exploits/44621/

I don’t think this is going to work… someone already said that you can’t upload files or plugins.

I agree. It won’t work. It’s mostly the same as this one: Monstra CMS 3.0.4 - (Authenticated) Arbitrary File Upload / Remote Code Execution - PHP webapps Exploit

There is other stuff to look at though.

yup

@xdavkk said:

@NinjaRockstar said:

@xdavkk said:

@bugzy said:
:smiley: when Monstra CMS RCE PoC uploaded 23 hr ago
https://www.exploit-db.com/exploits/44621/

I don’t think this is going to work… someone already said that you can’t upload files or plugins.

I agree. It won’t work. It’s mostly the same as this one: Monstra CMS 3.0.4 - (Authenticated) Arbitrary File Upload / Remote Code Execution - PHP webapps Exploit

There is other stuff to look at though.

yup

looking …

If you don't have results, change your way.

Spoiler Removed - Arrexel

Spoiler Removed - Arrexel

Hint for anyone that's stuck on upload:
you should look for something else than that :wink:

Any hint on the username?

Even the upload for the plugins doesn't work… also I have edited the 404page… but nothing is using the 404page… even when I try id=blogX or id-filemanagerX, the 404page still doesn't come up… it just says “Aw snap…etc”… am I still missing something?.. Thanks in advance…

Hi firefart… just think of being a lazy person who is installing Monstra…

or it can be found on the files that are viewable…

I tried all possible options on the website, and nothing seems to work…

Is it something else? Should I do a comprehensive nmap for all ports?

You can PM if it contains spoilers…

@bugzy said:
:smiley: when Monstra CMS RCE PoC uploaded 23 hr ago
https://www.exploit-db.com/exploits/44621/

Yeah, I wrote this exploit after downloading Monstra and fuzzing it, but the code on this machine doesn’t work because they block every interaction with the DB