Dev0ops hints

@realbadhorse said:
Stuck at Internal Server Error. PM hint pls

Hint is there in front of you

The best hint I would give is to read what you have found is actually telling you, and then check out the OWASP TOP 10 for 2017.

This is not strictly a hint, but the machine was designed to not require arbitrary guessing or finding the right wordlists because I don’t really like that kind of hacking :slight_smile: So the hints are not hidden, they are there. I hope you like it.

Am I missing something? Not finding anything in the available web pages. Dirbuster giving me errors. Also, tried using an exploit against the P***** Server but no output. Am I on the right track or what? And if someone would PM me it would be great :slight_smile:

@xtech said:
Am I missing something? Not finding anything in the available web pages. Dirbuster giving me errors. Also, tried using an exploit against the P***** Server but no output. Am I on the right track or what? And if someone would PM me it would be great :slight_smile:

Never mind, found the page. Better not ban dir scanners next time :stuck_out_tongue:

@xtech said:
Am I missing something? Not finding anything in the available web pages. Dirbuster giving me errors. Also, tried using an exploit against the P***** Server but no output. Am I on the right track or what? And if someone would PM me it would be great :slight_smile:

Feel free to PM me. :slight_smile:

Who keeps crashing the machine? ■■■!! I managed to get user but someone keeps crashing it and I spent all my resets for the day.

Just rooted this amazing box. Thanks @lokori, you did a very nice job building it. And thanks @menoetius for help :slight_smile:

Spoiler Removed - Arrexel

Spoiler Removed - Arrexel

Hey @cichy. Thanks, I figured out how to read files and got some useful info like usernames, but not sure where to go from here. Is bruteforcing required after that?

@FFEJ

I don’t know what I can say in public and what will be banned :slight_smile:

Back to the case: if you are able to read the filesystem, just find this one file in the default location. You have everything on the page after upload.

@FFEJ bruteforcing is not required. There might be more than one way to skin a cat, but it doesn’t require arbitrary guesswork or bruteforcing.

My payload seems to be malformed, can anyone PM me about the format of the payload?

Owned… PM if you need

@J3rryBl4nks said:
My payload seems to be malformed, can anyone PM me about the format of the payload?

There must be a father with 3 sons :wink:

Rooted. Nice box @lokori. :+1:

Rooted. Great fun, thanks @lokori !

What exactly am I missing? Did I read too much in the posts? Hint me without spoilers for initial foothold.

@ph3on1x said:
What exactly am I missing? Did I read too much in the posts? Hint me without spoilers for initial foothold.

Just do not think of the posts.
Read the information you have from what you found and it will come to you.
Initial foothold is pretty simple once you get the idea.