tried all obvious pwds and the app intentionally sleeps for 10sec when pwd is wrong.
empty pwd 100ms
wrong pwd 10100ms
#Hint if you are on the login screen , username and passwd are both visible to you.
i got it in the first attemopt, silliest passwd ever seen by me on htb,
also the file upload is a not working, nor can we create a user…
as said by sir @3mrgnc3 we have to enumerate more …!!!
@p5yph3r said:
hint if you are on the login screen , username and passwd are both visible to you.
i got it in the first attemopt, silliest passwd ever seen by me on htb,
also the file upload is a not working, nor can we create a user…
as said by sir @3mrgnc3 we have to enumerate more …!!!
Sorry for being sarcastic, but what about user ID? Did you also “guess” it?
You are the luckiest person I know.
@p5yph3r said:
hint if you are on the login screen , username and passwd are both visible to you.
i got it in the first attemopt, silliest passwd ever seen by me on htb,
No they are not. At least not user ID.
Yeah , on HTB , i usually try the silliest passwds first, sometimes I get lucky,Like this one…!!!
if you still havent got the username, PM me
Spoiler Removed - Arrexel
@bugzy said:
Spoiler Removed - Arrexel
I don’t think this is going to work… someone already said that you can’t upload files neither plugins.
Spoiler Removed - Arrexel
@NinjaRockstar said:
@xdavkk said:
@bugzy said:
when Montra CMS RCE PoC uploaded 23 hr ago
https://www.exploit-db.com/exploits/44621/I don’t think this is going to work… someone already said that you can’t upload files neither plugins.
I agree. It won’t work. It’s mostly the same as this one: Monstra CMS 3.0.4 - (Authenticated) Arbitrary File Upload / Remote Code Execution - PHP webapps Exploit
There is other stuff to look at though.
yup
@xdavkk said:
@NinjaRockstar said:
@xdavkk said:
@bugzy said:
when Montra CMS RCE PoC uploaded 23 hr ago
https://www.exploit-db.com/exploits/44621/I don’t think this is going to work… someone already said that you can’t upload files neither plugins.
I agree. It won’t work. It’s mostly the same as this one: Monstra CMS 3.0.4 - (Authenticated) Arbitrary File Upload / Remote Code Execution - PHP webapps Exploit
There is other stuff to look at though.
yup
looking …
if you dont have results, change your way
Spoiler Removed - Arrexel
Spoiler Removed - Arrexel
hint for anyone that stuck on upload
you should look for something else than that
Any hint on the username?
even the upload for the plugins doenst work…also i have editted the 404page…but nothing is using the 404page…even i try id=blogX or id-filemanagerX still 404page doesnt come up…it just says “Aw snap…etc”…am i still missing sonething?..thanks in advance…
hi firefart…just think of being a lazy person who is installing monstra…
or it can be found on the files that are viewable…
I tried all possible options on the website, and nothing seems to work…
Is it something else? Should do a comprehensive nmap for all ports?
You can PM if it contains spoilers…
@bugzy said:
when Montra CMS RCE PoC uploaded 23 hr ago
https://www.exploit-db.com/exploits/44621/
Yeah i’ve wrote this exploit, after downloading the Montra fuzzing it, but the code on this machine doesn’t work because they block every interaction with the DB