Dev0ops hints

stuck at Internal Server Error. Pm hint pls

@realbadhorse said:
stuck at Internal Server Error. Pm hint pls

hint is there in front of you

The best hint I would give is to read what you have found is actually telling you, and then check out the OWASP TOP 10 for 2017.

This is not strictly a hint, but the machine was designed to not require arbitrary guessing or finding the right wordlists because I don’t really like that kind of hacking :slight_smile: So the hints are not hidden, they are there. I hope you like it.

Am I missing something? Not finding anything in the available web pages. Dirbuster giving me errors. Also, tried using an exploit against the P***** Server but no output. Am I on the right track or what? And if someone would PM me it would be great :slight_smile:

@xtech said:
Am I missing something? Not finding anything in the available web pages. Dirbuster giving me errors. Also, tried using an exploit against the P***** Server but no output. Am I on the right track or what? And if someone would PM me it would be great :slight_smile:

nevermind found the page. better not ban dir scanners next time :stuck_out_tongue:

@xtech said:
Am I missing something? Not finding anything in the available web pages. Dirbuster giving me errors. Also, tried using an exploit against the P***** Server but no output. Am I on the right track or what? And if someone would PM me it would be great :slight_smile:

feel free to PM me. :slight_smile:

Who keeps crashing the machine? ■■■!! I managed to get user but someone keeps crashing it and I spent all my resets for the day.

Just rooted this amazing box. thanks @lokori you did a very nice job building it. and thanks @menoetius for help :slight_smile:

Spoiler Removed - Arrexel

Spoiler Removed - Arrexel

Hey @cichy. Thanks, I figured out how to read files and have gotten some useful info like usernames, but not sure where to go from here. Is bruteforcing required after that?

@FFEJ

I don’t know what I can say in public and what will be banned :slight_smile:

Back to the case: if you are able to read the filesystem, just find this one file in the default location. You have everything on the page after upload.

@FFEJ bruteforcing is not required. There might be more than one way to skin a cat, but it doesn’t require arbitrary guesswork or bruteforcing.

My payload seems to be malformed, can anyone PM me about the format of the payload?

Owned… pm if you need

@J3rryBl4nks said:
My payload seems to be malformed, can anyone PM me about the format of the payload?

There must be a father with 3 sons :wink:

Rooted. Nice box @lokori. :+1:

Rooted. Great fun, thanks @lokori!

What exactly am I missing? Did I read too much in the posts? Hint me without spoilers for initial foothold.