There’s a hidden site - still not sure if it’s a rabbit hole but the source code is online so it’s at least halfway easy to maybe find a foothold there…
Stuck, any hint would be welcome.
From the looks of it only 8 users have user so far.
hmm
Wonder if /supbx is the way in?
some kind of SL wizardry …
I successfully implemented a cookie stealer utilizing hashtag.php. So far, only snarfed my own cookie. The only place I can even get an href to render properly is my profile website. I don’t think this is a spoiler because it helps with absolutely nothing, more like a “don’t waste your time” spoiler.
@Zot said:
I successfully implemented a cookie stealer utilizing hashtag.php. So far, only snarfed my own cookie. The only place I can even get an href to render properly is my profile website. I don’t think this is a spoiler because it helps with absolutely nothing, more like a “don’t waste your time” spoiler.
To get a cookie, just open the browser inspector, go to the console and write “window.cookie”, or look at the cookies in the storage tab.
well… now that i have creds, i feel even more lost than before.
Wtf winrm? rabbit hole? I have valid credentials :neutral:
@zer0bubble said:
well… now that i have creds, i feel even more lost than before.
As in you made yourself an account, or found some somewhere?
Edit: I don’t speak this language. I don’t think I need an exploit, per se.
Edit: If anyone is on here that has gotten a foothold, am I supposed to chase the “bad” exploit, or am I way off base?
enter in the wastant messenger so what to do now!! tried everything to get the shell!!
bot no use!!
Got creds to something (not the social media site), and I think I know what I’m supposed to do, but everything I’ve tried so far hasn’t worked. And I’m about to throw in the towel.
Finally got user, pff! @S1ckB0y tnx for the heads-up when I was stuck.
Is something broken? I can log into (not social site) but am greeted with an error.
@luca76 said:
@Zot said:
I successfully implemented a cookie stealer utilizing hashtag.php. So far, only snarfed my own cookie. The only place I can even get an href to render properly is my profile website. I don’t think this is a spoiler because it helps with absolutely nothing, more like a “don’t waste your time” spoiler.
To get a cookie, just open the browser inspector, go to the console and write “window.cookie”, or look at the cookies in the storage tab.
No luca, I wasn’t trying to get my cookie, I was trying to steal whoever was in charge of the support boxes cookie. It’s all good, I got user now. To anyone reading this, FORGET ABOUT COOKIES! (like Luca said)
@Zot said:
@luca76 said:
(Quote)
No luca, I wasn’t trying to get my cookie, I was trying to steal whoever was in charge of the support boxes cookie. It’s all good, I got user now. To anyone reading this, FORGET ABOUT COOKIES! (like Luca said)
I have the user too, and I have a shell, but it’s not easy anyway, in fact I would say that now the road is uphill for me, I’m not good with P **** s *** l
Managed to read the root.txt but didn’t get a root shell. Anyone who managed to get a root shell?
I’ve been in a shell for two days without being able to do ■■■■, but what fucking witchcraft is this?
rooted without root shell. I don’t think this box could pop root shell, since we’re limited function
Interesting, I have a fully functional user shell but not super clear atm where to go next.
@luca76 said:
@Zot said:
@luca76 said:
(Quote)
No luca, I wasn’t trying to get my cookie, I was trying to steal whoever was in charge of the support boxes cookie. It’s all good, I got user now. To anyone reading this, FORGET ABOUT COOKIES! (like Luca said)
I have the user too, and I have a shell, but it’s not easy anyway, in fact I would say that now the road is uphill for me, I’m not good with P **** s *** l
I’ve never used the… restricted environment (if you’ve made it to that user, which you probably have). So this is just going to be a lesson for me. As soon as I got user level access I busted out meterpreter. So navigating the system has been a breeze, but yeah, gotta study the docs for je******** you know.