I have retrieved the credentials from the alternative service. I then proceed to authenticate using these credentials on the obvious http service but now do I just use the well known unauthenticated RCE exploit against this service lol? Isn’t that a bit counter intuitive?
I have retrieved the credentials from the alternative service. I then proceed to authenticate using these credentials on the obvious http service but now do I just use the well known unauthenticated RCE exploit against this service lol? Isn’t that a bit counter intuitive?
Am I missing another service to auth with?
Could you PM with some guidance on this? Thank you!
I will post here a tip that I would have loved to read 2 days ago for root :
If you tried to run something and expected a root shell to pop, but for some reason it didn’t (shells were particulary tricky for me with this challenge and I wasted a lot of time with it), maybe it is OK, maybe you don’t need the bash. Maybe executing stuff as root is enough, and you can adapt your tests according to this.
I am a total noob and I need some help. I have done searchsploit on HelpDeskz and found 2 exploits sql and arbitory code excecution.SQLmap said there are no exploits and don’t know how to get arbitrary code execution. I have also looked at the source code of node.js and could not see any exploits. I am now very stuck and would very much appreciate some help.
Im needing assistence with this Box please.
I know ive got the right path and the correct exploit.
Can someone please dm me , i cant run the exploit in the intendend way.
Any help would be great
could I get some help on getting a shell? I have looked at the GitHub code for the webbap … I have the exploit but just cant get a call back … im sure it somthing stupid that Im missing
Hello everyone, just rooted this box but not without the help of this great community. If anyone needs help you can PM me. Hints hopefully without spoiling, for the script to run you need to find 3 parameters and time travel is both back and forward in time. for root linenum and searchsploit your way to root.
I am able to find my file if it’s a jpg or txt. But I can’t get around the file type filter. Tried using Burp but that captcha is screwing things up. I feel so close. Any help would be great.
I am able to find my file if it’s a jpg or txt. But I can’t get around the file type filter. Tried using Burp but that captcha is screwing things up. I feel so close. Any help would be great.
PM me if you want hints on 3k port - Also I need help on using the user account and the scripts, they (and my other enum) are not returning as expected.
I am trying to get user using the authenticated exploit (S** I********) having the creds, but it does not seem to give me the expected results. Did anyone tried it recently and had a good result with it?