I don’t know. I still haven’t figured out how to use it
I appreciate the creator putting it together and the initial foothold was relatively interesting, but honestly this box was very irritating. If you brute force for names only specific wordlist will work, you might find it easier to obtain this info. from a file instead. Similarly do not use hashcat or you’ll end up spending hours going in circles.
‘/etc/apache2/apache2.conf’ gives you another file to investigate, that file will lead you to the file where there is a hash
Can anyone assist me with where I can discover the query parameter for the LFI vulnerability? I was spoiled with the parameter name but cannot figure out how it was found.
Rooted with the help of the community. One thing still bothers me is the root hash - I tried with a few popular wordlists but still nothing. Anyone got any idea?
A crucial hint for those tackling this challenge: the application is designed to convert Markdown code into HTML. Therefore, it’s essential to ensure that your scripts are being formatted correctly. Also, always remember to perform detailed enumeration of the system. Pay close attention to all the web server’s default configuration files, and keep an eye on any functionality available exclusively within the admin panel—those differences can reveal interesting gaps.
It’s also worth carefully checking file permissions and internal scripts, especially those that monitor changes or file uploads. They may run with higher privileges than you’d expect, potentially opening up avenues for injection. Good luck with your exploration!
Could some give a hint in regard to hash cracking? DM me please if you don’t want to write here