Type your comment> @Sh1v3rSt3w said:
Type your comment> @Steve333 said:
Can anyone PM me with some hints. I’ve used dig, dnsrecon and nslookup to enumerate port 53, but am not finding any subdomains.
There’s a four letter switch you need to use with dig.
@Sh1v3rSt3w used found some domains but I am not sure with my host and resol** files whay these are not working
Type your comment> @wish said:
@Sh1v3rSt3w used found some domains but I am not sure with my host and resol** files whay these are not working
Every sub.domain you find needs to be in host file if you want to investigate.
I’m hard stuck. I found 4 subdomains. Can’t seem to find any more top level domains. Still looking for haha. Found the under development page. Can only access the latter one and the popcorn one. Can someone give me a nudge.
Type your comment> @Pocketbeans said:
I’m hard stuck. I found 4 subdomains. Can’t seem to find any more top level domains. Still looking for haha. Found the under development page. Can only access the latter one and the popcorn one. Can someone give me a nudge.
Feel free to PM me…
Type your comment> @Pocketbeans said:
I’m hard stuck. I found 4 subdomains. Can’t seem to find any more top level domains. Still looking for haha. Found the under development page. Can only access the latter one and the popcorn one. Can someone give me a nudge.
there are two domain you can enumerate. after that you can enumerate few subdomain belong to that every domain (two) domain using DNS ZN. it mean You do twice DNS ZN with that two domain.
Only with 4 subdomains and a l****.php page …struck here …
Type your comment> @wish said:
Only with 4 subdomains and a l****.php page …struck here …
there is more than 4 subdomains.
There’s more than one top level domain. You can guess it, or you can find it listed somewhere… you can be cert-ain it’s there 
Do we need fr**** user to get root?
i Think…HaHa is laughing at me…tried everything for LFI…what I am missing…
Somebody help me with d******rd page. I tried all the params trying to include my image(shell) but failed. Now I am banging my head against the wall. It’s been hours since I am there. Sombody show me some light.
Can’t get root, anyone can help? I found all that I think I need to root, but don’t happen. The file is not written. Can do this:
“CMD: UID=0 PID=12234 | sh -c cat /root/root.txt > /tmp/xxx”
But the file /tmp/xxx is always zero size.
Edit: Got root. Cant get using www-data user. 
Same problem as a lot of other folks here. Found the RW share for the brazilian dance (worst codeword ever btw haha, might as well use the actual word for it at this point). Used nse script to figure out the local path, uploaded shell. Can’t get to the shell from d********d. I’ve tried pretty much everything. If anybody could help me out here that would be really cool 
Cheers
EDIT: Finally got user. Some hints for those who are struggling to get a shell even after figuring out the right path:
EDIT #2: And rooted finally. What a wild ride. Very fun box, thanks @askar
I am in the same boat as you ^^, enumerated Brazilian dance, got the absolute path, uploaded the file and just cannot seem to get the LFI to work. Clearly an education here for me on LFI. I have looked on google for LFI syntax and I believe (I did say believe) I understand what LFI parameters are available to me but nothing seems to work. If anyone could help me out too - I’d appreciate the education. 
EDIT: I was overthinking it way too much. Finally got my shell, now to privesc
h3llo, hey guys I’m stuck on the LFI portion. I feel like I’m overthinking it…can someone help point me in the right direction? I’ve been dancing for a couple of days so I know that part and I’ve got my other s4uff all gewd. New on here btw 
I could also use some help on the LFI portion of this. Can someone PM me?
EDIT: wow, I was really over-thinking this one. Hopefully this isn’t a spoiler:
Use the comment from your Brazilian Dance enumeration as a hint for the other things that don’t have comments for LFI.
ARGHHH!
I’m stuck in LFI, anyone help with tips?
only this appears below!
NOTE: we are dealing with a beginner php developer and the application is not tested yet! something went wrong, the script include wrong param
I have reached the HaHa page, and believe I know what to do. I just can’t get it to trigger. I would love a nudge! PM me for details.
Can anyone PM me some tips for enumeration? I found 4 subdomains and an empty(?) directory. I also can’t seem to figure out how to access the different subdomains; they all say localhost.