Type your comment> @LMAY75 said:
Very quiet in here
Ofcourse, everyone is goneā¦ Fising.
Well, I need a break from Intense so I guess Iāll join come the fun. I feel like Iām so close on the SQLi for that box and just ever so slightly off. Maybe after a break I will be able to think of something.
Hard box to get foothold, found some things but all seem deadends so far.
Type your comment> @SanderZ31 said:
Hard box to get foothold, found some things but all seem deadends so far.
Same here.
Will this involve installing some random software that isnāt normally installed on linux/kali/whatever to access something? Itās the only lead I have at this moment.
Edit: I donāt think thatās it. Lol. I have no idea.
Thereās a hidden site - still not sure if itās a rabbit hole but the source code is online so itās at least halfway easy to maybe find a foothold thereā¦
Stuck, any hint would be welcome.
From the looks of it only 8 users have user so far.
hmm
Wonder if /supbx is the way in?
some kind of SL wizardry ā¦
I successfully implemented a cookie stealer utilizing hashtag.php. So far, only snarfed my own cookie. The only place I can even get an href to render properly is my profile website. I donāt think this is a spoiler because it helps with absolutely nothing, more like a ādonāt waste your timeā spoiler.
Type your comment> @Zot said:
I successfully implemented a cookie stealer utilizing hashtag.php. So far, only snarfed my own cookie. The only place I can even get an href to render properly is my profile website. I donāt think this is a spoiler because it helps with absolutely nothing, more like a ādonāt waste your timeā spoiler.
For get a cookie just go on inspection browser and then on console and write āwindow.cookieā or tab storage cookie
wellā¦ now that i have creds, i feel even more lost than before.
Wtf winrm? rabbit hole? I have valid credentials :neutral:
Type your comment> @zer0bubble said:
wellā¦ now that i have creds, i feel even more lost than before.
As in you made yourself an account, or found some somewhere?
Edit: I donāt speak this language. I donāt think I need an exploit, per se.
Edit: If anyone is on here that has gotten a foothold, am I supposed to chase the ābadā exploit, or am I way off base?
enter in the wastant messenger so what to do now!! tried everything to get the shell!!
bot no use!!
Got creds to something (not the social media site), and I think I know what Iām supposed to do, but everything Iāve tried so far hasnāt worked. And Iām about to throw in the towel.
Finaly got user pff! @S1ckB0y tnx for the headsup when i was stuck.
is something broken, I can log into (not social site) but am greeted with an error.
Type your comment> @luca76 said:
Type your comment> @Zot said:
I successfully implemented a cookie stealer utilizing hashtag.php. So far, only snarfed my own cookie. The only place I can even get an href to render properly is my profile website. I donāt think this is a spoiler because it helps with absolutely nothing, more like a ādonāt waste your timeā spoiler.
For get a cookie just go on inspection browser and then on console and write āwindow.cookieā or tab storage cookie
No luca, I wasnāt trying to get my cookie, I was trying to steal whoever was in charge of the support boxes cookie. Itās all good, I got user now. To anyone reading this, FORGET ABOUT COOKIES! (like Luca said)
Type your comment> @Zot said:
Type your comment> @luca76 said:
(Quote)
No luca, I wasnāt trying to get my cookie, I was trying to steal whoever was in charge of the support boxes cookie. Itās all good, I got user now. To anyone reading this, FORGET ABOUT COOKIES! (like Luca said)
I have the user too, and I have a shell, but itās not easy anyway, in fact I would say that now the road is uphill for me, Iām not good with P **** s *** l
managed to read the root.txt but didnt get a root shell. Anyone who managed to get a rootshell?