Official Agile Discussion

So far I got:

  1. LFI → source code → debug mode → console pin (didn’t work - rabbit hole?)
  2. LFI → environment variables → server config file → database password (how to use it?)

Is sql injection a path worth exploring?

1 Like

Yeaah 1 isn’t working for me. And same for two, didn’t see how can it be used.
About sql, one of the first comment was talking about ordering thing, but didn’t find how to make it work.

1 Like

it works. just need a little tweak. try recreate the enviroinment locally to print out the pieces.

it is used after initial foothold.

Stuck on reversing the *** for the c******. Would appreciate a DM.

I have tried quite a few combinations of public and private_bits and recreated the environment locally to verify I didn’t mess up. Not sure I have the correct public_bits or missing something else.


Can I PM you about the tweak?

alguien puede ayudarme con el punto de apoyo

Rooted !

I struggled a bit on the foothold, but in fact it wasn’t that hard.

Try to recreate the app and to execute it, exactly how it’s executed on the target.
By adding some “debug print” on the core code, you’ll find what you need (do not trust at 100% the exploits posts they can have different configurations, etc).

For the root part, by doing some research on the unusuals things, you’ll find the path quickly.

Really fun one :slight_smile:

I spent an aweful lot of time on trying to get the pin, but never went back to check why this didn’t work. Was this hardcoded?

If anyone wants help on initial foothold dm me

The pin works

I am pretty stuck on foothold, If someone could pm me with some tips that would be awesome!

stuck on pin exploit any hints? tried a lot of combinations but none are working. is this a rabbit hole?

No, its working. Write me if need more info.

Hi, I’m stuck, do you have a clue?

According to a post above it works but I couldn’t get it to work despite being pretty sure I had all the right parameters. There is another way to get access that’s similar to the pin

anybody else check my PIN generator script?

Edit: NM

Check pin variables

Machine ID. Try looking in It has two parts.

Username - check with LFI

Module name. Reproduce source code on your sources, or guess with


thanks for the push

1 Like

Can someone tell me how to enter the console panel or do I have to wait for the application to give me an error on its own?

did anyone having problem with connection to this machine?