@xenofon said:
hey guys why we want to fuzz utili**-sc**** with some tools(wfuzz,gobuster)?
At a basic level (and I don’t mean to sound sarcastic) but if you cant see a good reason to do this, don’t do it.
Work your own path. You may have seen things which hint at this, but the hints could be wrong.
However, if nothing else works, you might want to go back to this.
there is a vulnerabilty on ad***_tas***.p*p (shell_exec) i am trying to get an rce from there but nothing,did anyone do it this way?
I certainly didn’t. If you get it to work, then it is the right path. If it doesn’t work, it is the wrong one. Its literally that simple. Just because something looks like it might be vulnerable, doesn’t mean it is - until you test it. Not every instance of shell_exec is vulnerable to exploitation - you’d need to be able to control what it executes and then you are limited to the privileges the code runs under.
Some boxes have multiple routes to exploitation and if you find genuinely unintended ones, you can let HTB know and they’ll patch it.
One question I would ask though:
You’ve seen hints saying “try $X” but you’ve also found a possible exploit for $Y but no one else appears to have mentioned it. You can’t get $Y working.
Does that imply it is the right path or the wrong path?