‘/etc/apache2/apache2.conf’ gives you another file to investigate, that file will lead you to the file where there is a hash
Can anyone assist me with where I can discover the query parameter for the LFI vulnerability? I was spoiled with the parameter name but cannot figure out how it was found.
Rooted with the help of the community. One thing still bothers me is the root hash - I tried with a few popular wordlists but still nothing. Anyone got any idea?
A crucial hint for those tackling this challenge: the application is designed to convert Markdown code into HTML. Therefore, it’s essential to ensure that your scripts are being formatted correctly. Also, always remember to perform detailed enumeration of the system. Pay close attention to all the web server’s default configuration files, and keep an eye on any functionality available exclusively within the admin panel—those differences can reveal interesting gaps.
It’s also worth carefully checking file permissions and internal scripts, especially those that monitor changes or file uploads. They may run with higher privileges than you’d expect, potentially opening up avenues for injection. Good luck with your exploration!
Could some give a hint in regard to hash cracking? DM me please if you don’t want to write here
Need help with the initial foothold, I’ve tried a bunch of Markdown files and javascripts in the message module but I can’t wrap my head around it, a nudge even in PM would be great!
Thinking the exact same thing. That is the one step I don’t understand. I mean I appreciate everyone who gave that hint, but how did they figure that out?
Was it a guess I wonder? maybe people just try generic parameters, but I would love to know for sure how others figured it out.
Also How does these guys find that there is a lfi there
Have you perhaps got an explanation to this? It is honestly driving me crazy, I feel like I have a giant knowledge hole, so big I don’t even know where to start
All those who have questions, you can send me DM to my Discord: FisMatHack