Well, someone’s got to post it. It’s been over 12 hours. Where’s Waldo?
^^
I found Waldo… where the ■■■■ is root???
I feel like I’m being extra stupid on this one…
@Bear said:
I feel like I’m being extra stupid on this one…
me too
Stuck on priv esc. Didn’t find any possible path. One thing that makes me think is the second interface. Am I on the correct path?
Am I on the right path with the logmanager ?
Any tips for the initial foothold? I think it is an injection attack but I can’t figure it out
@HeiGou - What have you tried so far?
pls stop resetting the box ;(
@Bear said:
I feel like I’m being extra stupid on this one…
^^
My feelings exactly. There’s not much to this box, yet, can’t get root.
@HeiGou said:
Any tips for the initial foothold? I think it is an injection attack but I can’t figure it out
Same, any hint?
I’d appreciate it if anyone could include me on any privesc from M*****r to root
Never mind, got root ^^
Yea, feeling the headache on the privesc from the M account…
@HeiGou said:
Any tips for the initial foothold? I think it is an injection attack but I can’t figure it out
Need help as well. I found some interesting things in the .js file and I’m able to use them but I’m not very good with Java so I can’t understand how to exploit them.
I found Waldo in the background image though, so that’s a plus.
@elio said:
@HeiGou said:
Any tips for the initial foothold? I think it is an injection attack but I can’t figure it out
Need help as well. I found some interesting things in the .js file and I’m able to use them but I’m not very good with Java so I can’t understand how to exploit them.
I found Waldo in the background image though, so that’s a plus.
First, it’s not Java, it’s JavaScript, and second, you don’t need to know anything about Java or JavaScript to get anything.
You don’t even need the JavaScript files.
If you could use a proxy to see what is going on when you add a new list or an item to the list…
@Relwarc17 said:
@elio said:
@HeiGou said:
Any tips for the initial foothold? I think it is an injection attack but I can’t figure it out
Need help as well. I found some interesting things in the .js file and I’m able to use them but I’m not very good with Java so I can’t understand how to exploit them.
I found Waldo in the background image though, so that’s a plus.
First, it’s not Java, it’s JavaScript, and second, you don’t need to know anything about Java or JavaScript to get anything.
You don’t even need the JavaScript files.
If you could use a proxy to see what is going on when you add a new list or an item to the list…
True, it’s JavaScript. My bad. I’m using Burp anyway, and the request the site makes is defined in the script, so I got it from there.
Hi. I can read files from the www/html folder, list dirs and write files, but I can’t find a way to read other system files or write a file with an extension. Not so good with PHP, any hints?
@pkneca said:
Hi. I can read files from the www/html folder, list dirs and write files, but I can’t find a way to read other system files or write a file with an extension. Not so good with PHP, any hints?
same…any hints?