I just DM-d you
Any hints with where to look for config file once you can look for things? feels like i tried everything
anyone who can DM me a hint?
Summary
i have gotten to the point of finding the vuln that allows you to find files like /etrc/passwd and im reading system files but i have no idea where to go from here theres no ssh keys i can access i cant access apache log files and theres seemimly no config file. i am so stuck someone please help ive been on this for a week
Finally
Google is your friend for file locations. You can then get someone to send the contents to you.
Thank you for your tips! I got it!
@baadam
If somebody else have questions for this machine,feel free to ask me
Thank you all for the tips!
You are very welcome!
DONE!!
Got the payload and my remote server, I upload de payload for the admin and still cant get a single packet into my nc
Hi there! I discovered the vulnerability, but when I upload the payload in the required file type and set up a listener, even after sending the link to the admin, I don’t receive a single packet back. The port is correct, and so is my IP. What could I be doing wrong?
The best hints have already been posted above.
For the initial foothold:
Search online for where credentials could be stored for the specific server the website is running.
For root:
Look at the processes running and see if there’s a way to run a reverse shell.
Feel free to dm.
Hey all!
I might be way off here, but I’ve managed to craft a payload in an .md file and I can get a connection back to my attack-box, but can’t figure out how to parse the response/get the content of any files.
Using nc or python http.server I simply get the response, but with no file content.
Any hint is appreciated.
Hello, I’m stuck on the .md file, I don’t know what to do with that can u help me plsss
Is there anybody I can DM? I have one question regarding foothold
Made that .md script and got the user hashes, took a little help from john and finally got into it.
But now I am stuck with the root , any hints what to do next?