For user, don’t stop at the very first nmap scan; use its full potential and enumerate every service. Reading everything in the web portal will help. Once inside, try to play with the only interesting parameter you see in burp to obtain a shell.
For root, you don’t have to do much, but you’ll have to KNOW much about a certain service. First thing, run an enumeration scan, then try to read as much as you can about how things like that work.
"Reading everything in the web portal will help. Once inside, try to play with the only interesting parameter you see in burp to obtain a shell. "
Love you, bro, you saved my time. It took 15-30 minutes to identify.
Hello, I can’t log in to the app even though I found the ‘special string’. I know people say it’s easy, but I have been stuck on this for a day, so any help would be appreciated.
Thanks
Hey guys, I did the login, now I am in the web app, but I don’t know much about web applications. I used burp to intercept the requests and it shows me the *** parameter. Should I try to make a SQL injection or anything like this? If you have any hint, internet tutorial or video on YouTube for the next step, I will be grateful!
@nutss said:
Hey guys, I did the login, now I am in the web app, but I don’t know much about web applications. I used burp to intercept the requests and it shows me the *** parameter. Should I try to make a SQL injection or anything like this? If you have any hint, internet tutorial or video on YouTube for the next step, I will be grateful!
Getting was pretty simple and fast, then I’m now on the way to root.txt.
I’ve set up a reverse connection, enumerated many config files and tried to understand how qa works, and used v console as well, but I can’t figure out what the next move is.
If anyone who has resolved this step can give me a bit of explanation, it would be great. I don’t want a spoiler, just a pointer in the right direction.
Finally, I got root. It was not easy. Thanks to @roastymaus, @The5thDomain and @marine for helping me out. I am not sure whether this would be considered a spoiler, but for priv esc you can search for “b** q****a attack” and click on the first link on Google. That should give you a start.
Hi,
I got a basic nc shell via the admin panel, but it’s very limited, and I’ve been trying to upgrade to a more complete one, but to no avail.
Am I wasting my time, or should I continue on that path?
Can someone PM me about root? I know what I have to do, and I have set up the scenario locally using Docker and have successfully achieved what I believe I need to do. However, I’m struggling to figure out how to apply this to the actual machine.
I got the user flag but I have no idea what to do about privesc. I’m trying to piece together the clues from the site and this thread but I haven’t messed with networking since I took some Cisco networking classes years ago. Can anyone provide me a good link to things I should know for this box?
@shaboti said:
Logged in and now playing with diag. It was returning some output, now it is not returning anything (even with the default encoded q…ga param).
Any idea what could be the problem?
Thanks
EDIT: It works again!
I could sure use a hint on this. I’ve tried substituting (encoded) everything I can think of in this place, but I’m not able to get past it.