Can someone help me with Attacking Common Applications - Skills Assessment I can’t find exploit for web server. I try all the public exploits but no success
It is say that PUT method is allowed but I cant upload the file and I get 404 error
Any one can help me ?
Can someone Help me?
Have you solved this question yet? I am also stuck at skill assessment 1
Hi guys, I’m at the same point at skillAss 1, but event skillAss 2 is very hard with no hints. I don’t know what to do
Hi guys, I’m at the point SkillAss I. After enumaration with nmap I know some application, the port and version, I submit answer and it’s right. But I cant get the shell to cat the flag.txt. I try all of vulnerability on ExploitDB. Can anyone give me a hint?
Try to search on vulnerable app for extensions with ffuf or dirbuster and you will find something juice to exploit
can any push another hint at this as I’m not figuring it out - perhaps I’ve looked at it too long!
I know what the app and version is - but that does not seem to help getting a shell - none of the metasploit modules work.
gobuster showed me the ‘/assets’ subdirectory which I do not have permission to access so i cant go further there (I assume thats what @Gocka was refering to)
I know there is a jenkins login page but default credentials do not work
Where should i be looking? I’m stuck…
Text me, I will support you
I eventually got the flag. The solution is direct vulnerability of the app. I highlight you need to do a little background reading into how the vulnerability works so that you can properly set up metasploit
hi im stuck in this for few days, i try to brute force jenkins,and fuzz tomcat but i cant find much can u give any hint
Researching “cgi tomcat” exploit, and read more about that
tnx, i know about the cgi but i cant find the file
Out of ideas at the moment and could do with a fresh perspective if someone could help provide some additional pointers.
- I’ve identified the vulnerable app and can confirm it’s vulnerable to G****t but I can only read one file w.**l which has no additional configurations.
- I’ve ffuf the vulnerable app port but can’t seem to find anything which would relate to the “tomcat cgi” exploit mentioned above. I did however find b****.**l. Is this the file?
Any pointers of what direction I should be looking at next would be most helpful