Dev0ops hints

Spoiler Removed - Arrexel

@Frey said:
Spoiler Removed - Arrexel

Thanks Frey, done that. Would doing so allow me to read a file that provides access to another service (lower port) on the box? Or am trying to achieve RCE?

@xnumber7 said:
Spoiler Removed - Arrexel

you can get something, that will allow you to get a connection through that port

@w31rd0 said:
Spoiler Removed - Arrexel

You da man. Interesting article floating out there called “When All You Can Do Is Read” that really nailed this down for me. If this is considered a spoiler, please remove.

Spoiler Removed - Arrexel

How did you overcome internal server error? I tried all techniques to read the files I found and none of them is working for me so far.

Spoiler Removed - Arrexel

Spoiler Removed - Arrexel

Spoil Much in this thread?

@3mrgnc3 said:
Spoil Much in this thread?

I agree … Too many spoilers in here!

Please watch the spoilers, there was one in almost every post so far.

Way to go, sorry for spoiling that much well for everyone that got the hints before Arrexel deleted them have fun. :cry:

Enumerate, it is fairly obvious if you look around enough. (Sorry I know everyone hates that answer but especially in this case it should be pretty obvious if you look in the right area)

i wont say anything anymore in the forum. (it’s not a hint nor a spoil). feel free to report this comment as spoil.

Privesc: read.

stuck at Internal Server Error. Pm hint pls

@realbadhorse said:
stuck at Internal Server Error. Pm hint pls

hint is there infront of you

The best hint I would give is to read what you have found is actually telling you, and then check out the OWASP TOP 10 for 2017.

This is not strictly a hint, but the machine was designed to not require arbitrary guessing or finding the right wordlists because I don’t really like that kind of hacking :slight_smile: So the hints are not hidden, they are there. I hope you like it.

am i missing something? not finding anything in the available web pages. Dirbuster giving me errors.Also, tried using an exploit against the P***** Server but no output. am i on the right track or what? and if someone would PM me it would be great :slight_smile: