Can’t find any posts about this one yet. I’m a bit stuck on this and I’m not sure if I’m going down a rabbit hole. I found a script that would suggest one popular type of vuln; all I’ve managed to actually get to work is XSS, unfortunately. It blocks certain attempts to inject stuff and you end up with that bloody smiley lol.

Any hints or tips would be great.

Enumerate more with a classic tool for scanning.

I cannot find a way in!! I have found a user? and another place to scan, but nothing that squeals come in!!! Can someone assist (I don’t want the answer, just to see if I am going way off target)?

I’ve also managed to enumerate some users, but any web-based scanning doesn’t give me what I’m looking for. Nikto doesn’t run, even using WAF bypasses… it just hangs.
dirb only finds one interesting page, but it redirects to a dead page… Am I rabbit holing? I feel like I am…

I’ve scanned everything. There is clearly something I am missing.

I found something else to “attack”

I have found 2 things that need a device that unlocks doors…
I have found one thing that needs maintenance…

I’m pretty sure a WAF is getting in my way of enumeration…

@peek said:
Enumerate more with a classic tool for scanning.

Can you advise some WAF evasion papers / sites?

There are a number of switches in some of the common tools in Kali…

Might want to try

man NAME OF TOOL and read through some of the -e switches etc.

Nobody is working on this box right now? Pretty stuck after finding some evidence.

Guys, I need help getting root. PM me pls.

Can someone PM me? I’m stuck at the first “container”.

                   oo$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$o         o$   $$ o$
   o $ oo        o$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$o       $$ $$ $$o$
oo $ $ "$      o$$$$$$$$$    $$$$$$$$$$$$$    $$$$$$$$$o       $$$o$$o$
"$$$$$$o$     o$$$$$$$$$      $$$$$$$$$$$      $$$$$$$$$$o    $$$$$$$$
  $$$$$$$    $$$$$$$$$$$      $$$$$$$$$$$      $$$$$$$$$$$$$$$$$$$$$$$
  $$$$$$$$$$$$$$$$$$$$$$$    $$$$$$$$$$$$$    $$$$$$$$$$$$$$  """$$$
   "$$$""""$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$     "$$$
    $$$   o$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$     "$$$o
   o$$"   $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$       $$$o
   $$$    $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$" "$$$$$$ooooo$$$$o
  o$$$oooo$$$$$  $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$   o$$$$$$$$$$$$$$$$$
  $$$$$$$$"$$$$   $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$     $$$$""""""""
 """"       $$$$    "$$$$$$$$$$$$$$$$$$$$$$$$$$$$"      o$$$
            "$$$o     """$$$$$$$$$$$$$$$$$$"$$"         $$$
              $$$o          "$$""$$$$$$""""           o$$$
               $$$$o                                o$$$"
                "$$$$o      o$$$$$$o"$$$$o        o$$$$
                  "$$$$$oo     ""$$$$o$$$$$o   o$$$$""
                     ""$$$$$oooo  "$$$o$$$$$$$$$"""
                        ""$$$$$$$oo $$$$$$$$$$

I am beginning to hate it!

Is the WAF bypass the right way?



This might be a nice machine. But so far I have found nothing interesting if WAF bypass is not the intention. There is one thing, which is quite old, but even that needs a key.

Hmm. Hmm.