Nice box! Don’t forget to update your enum scripts.
You know, I think about that a lot, and then I don’t end up doing it until I reinstall the OS or VM. It would definitely be a good practice to update more often, haha.
Someone give me a nudge please.
I changed a param with Burp, and it took me to a special page. Through that page I saw source code error messages and some important information, but I don’t know what I should do next. Thx.
Can someone help me with the initial foothold? I got into the “secret” page and saw some interesting info, researched some things and tried some exploits with no luck.
@hashtagdeg said:
Someone give me a nudge please.
I changed a param with Burp, and it took me to a special page. Through that page I saw source code error messages and some important information, but I don’t know what I should do next. Thx.
Can someone help me with the initial foothold? I got into the “secret” page and saw some interesting info, researched some things and tried some exploits with no luck.
Could someone pm me pls?
You’re on the right track.
You either need to dig further, or check the exploits’ params.
Would someone be able to nudge me? I know where I need to change a value to escalate my privilege on the website, but I have no idea how to go about finding the correct value to use, nor how to properly enumerate. I tried Burp Intruder but only received a bunch of errors.
I’m also curious as to whether the site should look broken? None of the links I click work correctly, not even logout. I have no idea if it’s intentional or not.
If u have already escalated ur privilege on the website then maybe u should try to search for some other portal for logging in as a privileged user
Rooted. For some reason, I did not notice the first step for foothold for quite an embarrassing amount of time. Sometimes it helps to go very slow at the start of your investigation and examine everything carefully. It’s so dead obvious, you cannot miss it… I guess I was expecting something to be found at a later step. It really is easier than anything I have seen before on here so I guess I didn’t expect it to be there. A good lesson in being thorough I guess.
The rest of the box flowed fairly quickly and did not require any brute force or scanning. Everything can be done with off the shelf tools and this box really did feel easy for once. Nice box to get me back in the mode after a couple month break, I enjoyed it!
Wow, web apps are really not my thing. Using the bodily function program on the second login page, but whichever of the 3 parameters I change does nothing. Am I being stupid?
Got the 2nd user. It has a privilege to read smth special, but needs lots of greps. People write above that it can be done without greps and lesses. I suppose it is a useful util or command to be aware of. So if anybody is aware of it, DM me pls!