I have been trying to find vhosts using wfuzz and vhostchecker, but no luck. All of the requests return 200, how do you guys tackle that? So far i have been filtering on line/word count. Is there a better way?
Would appreciate a nudge.
I have been trying to find vhosts using wfuzz and vhostchecker, but no luck. All of the requests return 200, how do you guys tackle that? So far i have been filtering on line/word count. Is there a better way?
Would appreciate a nudge.
Type your comment> @tang0 said:
I have been trying to find vhosts using wfuzz and vhostchecker, but no luck. All of the requests return 200, how do you guys tackle that? So far i have been filtering on line/word count. Is there a better way?
Would appreciate a nudge.
check email
The creator of this box need a noble prize for trolling HAHA
iam stuck at login page any hints i have tried some basic s** I*******n.
Type your comment> @he110w0r1d said:
Type your comment> @tang0 said:
I have been trying to find vhosts using wfuzz and vhostchecker, but no luck. All of the requests return 200, how do you guys tackle that? So far i have been filtering on line/word count. Is there a better way?
Would appreciate a nudge.
check email
Thanks, totally missed that.
@AhadAli said:
iam stuck at login page any hints i have tried some basic s** I*******n.
It isn’t that. Its more templated.
stuck in the D***** S****** M******** using a self created user.
any nudge would be appreciated. tried s** mp for basic s** I******n too.
Type your comment> @AhadAli said:
iam stuck at login page any hints i have tried some basic s** I*******n.
S** Injection is so 2009
Type your comment> @LMAY75 said:
Spoiler Removed
■■■■ apparently my post root analysis gave away too much, I thought it was pretty vague but hey who knows.
Just want to reiterate that if anyone needs a hint they should feel free to DM me, this was more challenging than usual for an easy box.
Rooted. I agree that is not an easy one, in particular the first part.
DM me if you need a nudge.
Thanks to EgotisticalSW for this nice box.
Any hints for r00t ? I take it involves the high port and dash L ? Cant seem to get dash L to work though
Type your comment> @n3wb1en3w said:
Any hints for r00t ? I take it involves the high port and dash L ? Cant seem to get dash L to work though
DM sent
Type your comment> @wazKoo said:
Wondering how people discovered the 1st exploit S**I on that page. Since it was kinda blind not knowing how to trigger and check the result
Yeah, I agree, that was a bit obtuse. I figured it out pretty much from luck and viewing source because I found it odd that this page existed, but nothing was there. It was kind of sticking out like a sore thumb.
root
uid=1002() gid=1002() euid=0(root) groups=1002(*****)
No easy box at all. Foothold and user were just insane, would never have got those without helpful nudges from the good people of the forum. Root was a piece of cake though, assuming I went with the normal path.
Rooted. thanks to @ArtemisFY for helping me in sorting out where i was getting lost.
IMHO, there’s a misconception on the classification easy-medium-hard-insane which is not really related to the true “stiffness” of the box.
hints:
foothold: once you find it, be kind and leave a message asking what you want.
user 1: your favourite enum scripts will tell everything.
root: google the high one.
Edit:
wanted to add that this box taught me a lot more than many other “hard” boxes, so thanks @egotisticalSW
Thank you so much @bertalting and @Smyrie for the nudges on the initial foothold. I guess I was a little cocky because of the “easy” label of this box. Turns out, it wasn’t as hard as I was making it to be. I overlooked one small detail. The nudges helped me see what I missed.
Getting root was pretty hectic, but it all came down to google fu. It was easy enough, just a bit tedious.
All in all, this was pretty humbling for me, I came into it pretty cocky then immediately realized I am NOT Mr. Robot. But seriously, thanks @egotisticalSW for this box!
Not an easy machine for me, learned new things, sometimes boxes like this point me to great articles.
I feel like I’m somehow overcomplicating things here, I can’t get the shell to pop at all through D***** S***** M******** and the A******, anyone mind helping me figure this out?
Type your comment> @pizzapower said:
Type your comment> @wazKoo said:
Wondering how people discovered the 1st exploit S**I on that page. Since it was kinda blind not knowing how to trigger and check the result
Yeah, I agree, that was a bit obtuse. I figured it out pretty much from luck and viewing source because I found it odd that this page existed, but nothing was there. It was kind of sticking out like a sore thumb.
It’s an odd vuln for an easy box. Not even X** but a really specific offshoot.
I tried many injection into DSM login page but without success … I saw something with GZIP into HTTP, I will start doing some research about it !! could someone guide me it this is te right way !! I´m still looking for the user!!