I will recomand to read all the comments. Is allready a lot of info here or just pm some one
hi team! can anyone give me a hint for the initial foothold? I was trying to steal the admin cookie but it looks like I actually have to go the other way, can you help me see what I’m not seeing? thanks.
Thank you for this.
I was using webhook to test connections and was struggling on why the admin wasn’t connecting while I was.
1 Like
looking for a hint. I have uploaded a payload but i am not getting a great deal of helpful information from it. Can someone DM for some advice? Thanks.
1 Like
Really stuck on the payload part.
I know what the vuln is. I know I can share a link, I know the directory where additional details are located but cannot figure out how to extract that with a payload to get a foothold.
I’m stuck on the payload, I think I know what the script is, but when I fetch messages/ and send it to the admin, I get an authentication error in netcat. I think it shouldn’t point to /messages/ maybe?
Finally! Got there in the end!
goodluck friends
absurd, I’m still stuck, I created a python script to easily read the contents of the server, it works and I managed to read many files:
…/contact.php
…/index.php
…/messages.php
…/visualizer.php
…/Parsedown.php
…/…/…/…/etc/passwd
…/…/…/…/etc/hosts
…/…/…/…/etc/hostname
…/…/…/…/etc/group
…/…/…/…/etc/sudoers
…/…/…/…/etc/crontab
…/…/…/…/etc/apache2/apache2.conf
…/…/…/…/etc/apache2/ports.conf
but I read in the forum that I should find a hash to decode and unfortunately I just can’t find it…
even straight?
Looking for support with initial foothold. I can trigger the admin but can’t read him back I can play with the md but can’t find many options for serious progress.
1 Like
Alert pwned
1 Like
Finally did it!
I finally got over the hurdle of foothold, the advice of what I can see and not what I an steal was way better than thought!
Goodluck Everyone!
1 Like
Worked out the Foot Hold Vulnerability but not really sure on the payload I need to send across. Initially thought a link back to my HTTP Server. Any pointers would be greatly received.
Hi guys,
I am stuck at the initial foothold. I can open image fie links through uploading .md file on the “MarkDown Viewer” page, but I cannot get any further into how to get reverse shell for example. Then I found that I am able to upload php reverse shell using the “Contact” form, but I cannot execute it in order to get nc session. Any hints would be appreciated.
1 Like
What is the content of your .md file? I am stuck on this part.
If anyone is stuck, please let me know. This is a really interesting and conceptual box. We need to chain understanding of web attacks to solve it. Root is cakewalk. User is tricky.
1 Like
I just DM-d you
Any hints with where to look for config file once you can look for things? feels like i tried everything
1 Like
anyone who can DM me a hint?
Summary
i have gotten to the point of finding the vuln that allows you to find files like /etrc/passwd and im reading system files but i have no idea where to go from here theres no ssh keys i can access i cant access apache log files and theres seemimly no config file. i am so stuck someone please help ive been on this for a week
1 Like