[USER]
Enumeration is key for the initial work. Do it thoroughly on the two popular ports.
Also, I believe there are several domains. Once you have found the popular DNS misconfiguration, make sure to query for all of them. It took me a while to find out why I wasn’t getting closer. Once you have found the entrance point and the necessary information, it will be pretty much instructed to get a user shell.
[R00T]
I was shooting my head once I figured out what I was doing wrong. As many people said, pspy will help you see what is going on. Carefully read the found script and do some Google searching. And now it would be a matter of how familiar you are with the famous snake.
Finally got around to finishing this one off. Thanks to Kwicster and ghost0437 for pointers. I was pretty close, just needed a push. A little Google and a few different ways got me the shell. Learned something new.
Hi guys,
For the user part: Found the p** source codes from LFI but still can’t find the files I’m uploading…
Used tools on every subdomain to find a secret directory or something like that…
Any hint please? Can someone DM please? Really want to pwn this box
EDIT: User owned and rooted! Thanks to @ghost0437 for the help with the right path with the RCE
Recently started my journey in CTF type of challenges and learning the ropes. For this box I ran enum for days now and I believe I came up a little short.
To start: I have all sub-domains and ran endless fuzzing on each one (including fuzzing for images based on the shorten structure the app uses). Found both ‘admin’ pages, and was able to access using some creds file. I have also found a hidden path via comments to a page that gives me a random string. Based on the comments here it sounds like there are two file upload locations but I found only one location for file uploads. Last, trying to find a good resource for testing LFI but I feel that I am still missing something.
Still haven’t found the Brazilian dance, could that be what is missing for me to get the t*******p LFI trick?
Would love some pointers to a good resource to better understand what I am missing here.
I would be very thankful if someone could explain to me why the first user can’t escalate to root directly through the hole found. I spent almost half a day trying to get a result while reading positive pspy reports. There I could see how my commands are fired from time to time in a random order under UID=0, but I had no result until I got another user, and the same commands gave results immediately.
I have to admit, I’m completely lost at this moment. I think I have found subdomains, paths in Brazilian, but I have no idea what’s next. Could someone help me with this?
Not sure what I am looking at or for on my initial scan of this box. I have tried various things looking for a way in, but nothing. I have read through these comments and found some things but no way into the box. I am terrible at deciphering the cryptic hints. Any help?
Can someone give a hint to the LFI? I’m at Haha and have been trying to use the includes to call on the shared file for RCE, but I’m getting incredibly stuck and my research is leading me down rabbit holes.