hi… i’m stuck on ps*h part. i’m trying to generate what is needed by 4** but when i try to import it i get an error…
@pinnn said:
Hi! I’am stuck. I got c*.k**. Try to create client ct and sign it with c*.k. Import cert in firefox. But site show client cert error. Could you give me hint? Maybe i use not correct parameters for csr (for location i use $****o)?
wow… same problem… why i didn’ read you post???
nvm
Can you guys give me a little bit of hint . I got the c*.k** file from p**sh . What should i do next
@moiatahacke said:
Can you guys give me a little bit of hint . I got the c*.k** file from p**sh . What should i do next
@cptUP said:
hi… i’m stuck on ps*h part. i’m trying to generate what is needed by 4** but when i try to import it i get an error…
Try google: Authentication using HTTPS client certificates | by Andras Sevcsik-Zajácz | Medium
Type your comment> @Center said:
@moiatahacke said:
Can you guys give me a little bit of hint . I got the c*.k** file from p**sh . What should i do next@cptUP said:
hi… i’m stuck on ps*h part. i’m trying to generate what is needed by 4** but when i try to import it i get an error…Try google: Authentication using HTTPS client certificates | by Andras Sevcsik-Zajácz | Medium
@Center said:
@moiatahacke said:
Can you guys give me a little bit of hint . I got the c*.k** file from p**sh . What should i do next@cptUP said:
hi… i’m stuck on ps*h part. i’m trying to generate what is needed by 4** but when i try to import it i get an error…Try google: Authentication using HTTPS client certificates | by Andras Sevcsik-Zajácz | Medium
oh yeah… i’ve overcome that obstacle a few minutes ago… now i’m trying to understand how to overcome scandir function… to get what i need
nvm
Hey I have got user.txt using LFI.
I have SSH key for b***** but if I SSH -i it is asking for password
Rooted! Pretty cool machine. I feel like it’s the same lesson on every machine: read everything carefully - don’t skim over anything!
User: don’t get too bothered by the weird shell. You know the language so just look at available functions online.
Root: keep it simple - this should take no more than a couple minutes with the right approach.
PM for hints.
Is Burp needed to get user flag?
Type your comment> @cptUP said:
Is Burp needed to get user flag?
I didn’t use burp to get the user flag on this box. burp is really never “needed” for anything. In fact, you can get burp to make you a curl command line for anything in burp.
Saying that, leaving the proxy on while you click around some areas of LCDP might help you to notice things you might not have otherwise noticed about some of the URLs being loaded and if you change them you may find some interesting things.
Type your comment> @webjayant said:
Hey I have got user.txt using LFI.
I have SSH key for b***** but if I SSH -i it is asking for password
Perhaps it’s not for that user then? 
Type your comment> @deviate said:
Type your comment> @cptUP said:
Is Burp needed to get user flag?
I didn’t use burp to get the user flag on this box. burp is really never “needed” for anything. In fact, you can get burp to make you a curl command line for anything in burp.
Saying that, leaving the proxy on while you click around some areas of LCDP might help you to notice things you might not have otherwise noticed about some of the URLs being loaded and if you change them you may find some interesting things.
thank you.
I asked this because of some cert issues from both curl and burp… and at this precise moment i can’t use them…
Finally got root
Hi everyone, I’d kindly appreciate help on getting user on this machine. I am past the backdoor and I had a long session on the Py S**l , I am stuck. Would like to avoid HTTPS, but anything would be good really ahah Thank you!!
hi i need help to pass the https part i already have the c*.y , i failed to generate a valid ct , i will appreciate a pm thanks .
@1m0ns1eutr1st3 said:
Hi everyone, I’d kindly appreciate help on getting user on this machine. I am past the backdoor and I had a long session on the Py S**l , I am stuck. Would like to avoid HTTPS, but anything would be good really ahah Thank you!!
Why try to avoid an excellent learning opportunity?
If you have already obtained the c*.k** it should from there on just be a few steps until you can circumvent the warning on https.
Have a look at this one: Authentication using HTTPS client certificates | by Andras Sevcsik-Zajácz | Medium
Would appreciate any advice/references for root in regards to the file permissions. I can see the unusual permissions but after reading some references still have no idea how they could be useful.
wow… less than 1 minute after reset and https is unavailable… it’s frustrating…