need hints for root
machine silently patched without changelog?
a secret changed to unknown urandom(32).
I have a similar issue where I don’t know where to start. I’m trying to get directories / pages and subdomains but no luck so far. Can you give me a hint?
Do you get the correct domain? Noting the redirection.
What do you mean by redirection/correct domain?
I’m only getting agile.htb as nginx default page and didn’t find any other directories/subpages when using a medium dirbuster wordlist.
Try with IP, or some arbitrary subdomain.
You would encounter 301 when fuzzing vhost/subdomain.
Can anyone help me with the foothold?
Can you help me here? I found the LFI but I don’t know what to do besides looking into /etc/passwd to find potential usernames.
Help with Werkzeug console PIN exploit, please DM
Try to look into the source code, its path is visible in the error logs
@tec already posted up in the comments, but the foothold might have changed (silently, apparently). I’m talking some info you might find yourself trying to extract from a specific file.
UPDATE: Apparently it has been added yesterday.
Hey guys, this was a tough one for me. At last, rooted!
DM me if you need help / hints
I’m stuck at first user. I tried a lot of things, but I’m not sure how to proceed. Any hint/help would be great. I’ve been at it for a week
Maybe not anymore after the latest patch.
Hi there! Can anyone PM me and guide me a bit within this box? I’ve already checked all the paths I’ve found and got stuck… I have LFI, have the app’s source code, etc. But I see that the app is probably patched and the cookie+IDOR path can’t be used anymore. I also tried to reverse the PIN but with no luck. Have a feeling I’m missing something obvious…
I’m in the exact same place as @mar11. Can someone give me a nudge on that?
I’m trying to see the source code of the application but I can’t get the path of the application
Can someone tell me if reversing the *** for the c***** is the right track as I don’t think IDOR or cookie mods are possible since patch.
I’ve been at it for almost an hour now and I’ve tried all the paths that show up in the errors, and nothing.