Anybody else getting
Ldap Connection Failure.Try again with the IgnoreLdapCert option if using SecureLDAP or check your DomainController/LdapPort option ?
Switched to from Sharp to Blood and it worked smoothly.
The only issue in this box for me was trying the box on an offline Apache server due to which I wasted hours on being unable to exploit the vulnerability for getting shell. Rest of the box was quite easy. I suppose this is the easiest box in the cur…
One of the nicest machines I have seen yet even though I'm a newbie. Kudos to @dm0n and @Stylish for their work. I learnt a LOOOOT about things and that too in depth; especially since they didn't mean a thing :joy:
@davidlightman Even basic RCE is enough to complete this. However, it is also possible to do what you are trying to do. Feel free to PM. However, I think there is enough information here to solve.
P.S. Works without globbing as well.
If someone could PM with a nudge on how to utilize the found parameter? There is no apparent change in the output with the input I give except for those that are rejected by the WAF. Any help would be appreciated.