Falafel

Wanna start some discussion about this machine if anyone is working on it. I got an interesting file but nothing more :frowning:

Enumerate more what is present on the website, focus on what you’d expect to find on a “social” type of web app given the folders you’ve probably already found

May I pm u @Maz0r ?

i need help. stuck at same place

i’m stuck in privesc any hint please

I tried enumerating the files which are on the website burning out my dirbuster, but didn’t find anything exploitable. Found the admin login panel but default creds wont work. Any hints for it…

usually when you have a form, you can try xss, sqli or bruteforce.

Is there anyone that I can message about this box? I have some questions.

@Xorus said:
Is there anyone that I can message about this box? I have some questions.

yeah, pm me

finally got root

awesome

This fat sweaty kebab is doing my nut in… I just can’t see how to get priv esc… used the scripts for enumeration nothing jumps out… can’t see anything special in log files… I just want a little nudge where to focus my research… please.

SPOILER

“Hacking Attempt Detected”

Hmm, is that the right kind of the right path?

@kusk said:
“Hacking Attempt Detected”

Hmm, is that the right kind of the right path?

i found it also. but nothing more

is there someone can help me in falafel machine or give me some hints

any hint guys after login successful ? that ext drive me to crazy !!

I’ll never eat another one. LOL

“Hacking Attempt Detected”

stuck here. any hint plz

priv esc’d to Spoiler Removed - Arrexel but can’t see any priv vectors to get the root flag, everything looks bare. Any hints would be great!