Official Love Discussion

@anir08 said:

Rooted.

For anyone looking at the forums searching for hints, I’m gonna be blunt and say this: You know what you know and you don’t know what you don’t know! Stop with that TryHard thing!
My hints:

FootHold/User
Let your nmap be aggressive and read the output very carefully! Half of the steps to Foothold lie there! Got it? Nice!
Make the necessary changes. Cool!
Now head over to the “secret” area which was not available before and manually enumerate it very carefully! Like use your EYES instead of firing off gobuster and wfuzz.
Then read about this:
What is SSRF (Server-side request forgery)? Tutorial & Examples | Web Security Academy
Read it? Now you know what to do!

Take a step back and let the snake take the auto-pilot from there!!

Escalation/System
I’d be real honest here…if you don’t have a solid Windows priv-esc methodology, you won’t be able to do this. It’s more like a hit-error-success thingy. Without giving away much, enumerate registry keys and look for software policies…Google a lot and you’ll end up on a famous blog website which explains exactly what it is. From there it’s 2 minutes to system.

I fell into the Rabbit Hole concerning the ***i and lost 2 hours until I looked at it again from the top side. Sometimes you need to take a breather!
Good Luck!
El-Psy-Kongroo!

(Also why the ■■■■ can’t I submit the flags ■■■■)

Edit: Flag submitted - had to revert it two times (sorry if I caused disturbances to others in that time)

Thanks! I was trying all the right things… but the link helped me with the right format