Hi guys, I get access to both portals. But I have some misunderstanding.
Is it possible to discuss it?
I understand the misunderstanding part just now.
Read carefully what you see in both portals.
This information is useless. What is the point?
I figured out the vulnerability but I’m not able to call my payload… or reach that folder from the browser. Any hint?
Any hints on the php portal? Got the admin portal, but can’t seem to figure out how to get into the php portal
Anyone have a hint on the secret directory? Have user-level access, but can’t find anything about it.
@peek said:
Read carefully what you see in both portals.
Have been able to access both, seen the vuln in each, I know there is a link with both of them, you need one to call the other… but the vuln on 1 is not calling my payload in 2…
Tried all the tricks in web exploit for 1 but it ain't working.
@princeade said:
Tried all the tricks in web exploit for 1 but it ain't working.
You’re close. Fuzz the input in the other one a little bit. See what it’s doing and figure out why it accepts the input that it does, and why it will not accept your input. Then I think you’ll get it.
Guys, another question. I got shell and the private key but the service is active and unreachable… What am I missing?
I got user-level shell… struggling for root now.
@CiccioPas said:
Guys, another question. I got shell and the private key but the service is active and unreachable… What am I missing?
Enumerate the system more, files and services.
@Agent22 said:
I got user-level shell… struggling for root now.
Look for anything out of the ordinary on the system and dig deep into what it is.
Edit: also, if anyone was stuck on this for ages like me wondering where to find the other portal - try other wordlists.
@CiccioPas said:
Guys, another question. I got shell and the private key but the service is active and unreachable… What am I missing?
Any way you could further investigate the user whose shell you’ve compromised?
Well, I got the RSA key but I have nowhere to use it, ssh appears filtered! So today I’ll try to enumerate more as suggested, hoping for something good!
@CiccioPas said:
Well, I got the RSA key but I have nowhere to use it, ssh appears filtered! So today I’ll try to enumerate more as suggested, hoping for something good!
What local enumeration script(s) do you run once you’ve got a shell?
Hi guys,
I have managed to find both the portals, but I am having a really hard time accessing them. I have run dirbuster against both the http and https pages with multiple wordlists with no real success.
The only clue I have at the moment is on the one page, but that hasn't gotten me anywhere on this box.
Can someone give me a nudge in the right direction please?
@Deadstopp said:
Hi guys, I have managed to find both the portals, but I am having a really hard time accessing them. I have run dirbuster against both the http and https pages with multiple wordlists with no real success.
The only clue I have at the moment is on the one page, but that hasn't gotten me anywhere on this box.
Can someone give me a nudge in the right direction please?
I’m stuck at the same spot, the creds aren’t the default creds by the looks of it. I’ve tried bruteforcing both pages but to no avail. Is there a specific wordlist that I am missing?
Try some brute force…
@Deadstopp said:
Hi guys, I have managed to find both the portals, but I am having a really hard time accessing them. I have run dirbuster against both the http and https pages with multiple wordlists with no real success.
The only clue I have at the moment is on the one page, but that hasn't gotten me anywhere on this box.
Can someone give me a nudge in the right direction please?
To gain access to the portals, you need to bruteforce. One of the portals has a development error that will leak some info, cutting your bruteforce time down a bit. Once you have authenticated with both, the challenge should present itself.
PS: the PHP error that comes up randomly doesn’t mean anything afaik.
@hotshoto said:
@Deadstopp said:
Hi guys, I have managed to find both the portals, but I am having a really hard time accessing them. I have run dirbuster against both the http and https pages with multiple wordlists with no real success.
The only clue I have at the moment is on the one page, but that hasn't gotten me anywhere on this box.
Can someone give me a nudge in the right direction please?
I’m stuck at the same spot, the creds aren’t the default creds by the looks of it. I’ve tried bruteforcing both pages but to no avail. Is there a specific wordlist that I am missing?
Default nselib worked for me.