so i have found the “file” in http ,dirbuster
so i have found the “file” in ftp
not sure how they link or what to do with them
spidering, dirbusting etc getting me no where usefull at this point…
what is in that file ? what can you do with it ? how do you GET the file ?> @RPSUK said:
so i have found the “file” in http ,dirbuster
so i have found the “file” in ftpnot sure how they link or what to do with them
spidering, dirbusting etc getting me no where usefull at this point…
what is in that file ? what can you do with it ? how do you GET the file ?
Can someone pm me with some advice? Trying to convert an exploit to get full rce, but not seeing how it could work.
Any wise man… to hint me in priv escalation ? even python cannot import *****.connector
Priv esc is kinda driving me nuts. Let’s swing the “enumerate deeper” hammer harder.
Privesc: Sometimes you have to catch something running that you can leverage.
For privesc, I can see the stuff running as the user, and some stuff as root. I’m sure i need to pivot to the other user, but everything is protected and I can’t intercept it. What am I missing?
@fatalglitch said:
For privesc, I can see the stuff running as the user, and some stuff as root. I’m sure i need to pivot to the other user, but everything is protected and I can’t intercept it. What am I missing?
Some infos. Enumerate deeper and look at what you good. There are more places to look for.
m stuck with the priv esc too. i understand what i have to look for, but dont actually see anything that i can use somehow. someone help please
priv esc stuck as well, reminds me phineas video about login. right way ?
@bugnote said:
yeah, but i’m in same boat. no idea what the ftp file means.
I got user and system without using the ftp exploits. I used Dirb and nmap. I found some ports are open. Dirb gives me many important things.
I used one of OWASP Top 10-2017 exploit to get some important key file.
ok got it…
@MorningStar said:
m stuck with the priv esc too. i understand what i have to look for, but dont actually see anything that i can use somehow. someone help please
Don’t Over think… it’s not complex… if you know what you need; try different approaches… don’t have to complicate the enumeration part…
@ph3on1x said:
@MorningStar said:
m stuck with the priv esc too. i understand what i have to look for, but dont actually see anything that i can use somehow. someone help pleaseDon’t Over think… it’s not complex… if you know what you need; try different approaches… don’t have to complicate the enumeration part…
my god isn’t that the truth hahahahaa. pretty anti-climatic if you ask me.
so i have a **. page, and a file from the other place, is this really all i need to get access here and i’m just not getting it? or am i still missing a piece before entry?
scratch that - very much learned a thing
Any hint ? like other users, I got 2 files … but I dunno what is the good way to continue … Thank you
Yeah, I need a hint too, having both files I am trying to fuzz one of them but I am running out of idea…
Thank you!
@fhlipZero said:
scratch that - very much learned a thing
You have an article or something that you could share so I can learn this thing? Im stuck at the same exact spot and no amount of fuzzing I can think of is working. But im also not versed in XXX so im most likely missing something simple.
@GingerHackz said:
@fhlipZero said:
scratch that - very much learned a thingYou have an article or something that you could share so I can learn this thing? Im stuck at the same exact spot and no amount of fuzzing I can think of is working. But im also not versed in XXX so im most likely missing something simple.
if you got the 2 files, then you should check out OWASP TOP 10 that helped me get it really helped.