Official Appsanity Discussion

Really interesting box requiring different attack approaches than your usual Windows box. First off, as always, try to understand how the website works and how its basic functionalities are handled. Try to find all of its features and see how you can make use of what you found.

Getting your foot in is about abusing a basic functionality: use that, invoke that, and of course avoid some bypasses. Once you get inside, look around and find what’s new. Find out how to work with it and see what it does and how it is built. This should be enough to find something extra. Rooting requires attention to detail. Find where you have access and try to figure out why. Work around that. Build something of your own, try to fool that thing you found, and that’s about it. I’ve tried summarizing as vaguely as possible. Good luck peeps.


I need help finding the foothold on this machine, any nudge please?

Struggling with rev shell. File links redirect to Profile page?


try and copy the link

.dll found. I need some help transferring it to my local machine to have a look at how it works. Can someone PM me and help me out a bit regarding that?

Yes, of course, how did I miss that. Thanks.

Please help, I am stuck at getting a rev shell.

Hi all, I’m stuck on the second login portal as I can’t find the right ID to log in. Tried a few different things, but still no luck. Any advice on where to look or how to approach it?


where are the uploaded files saved?

Managed to upload a file, but when I go to view it I get “error occurred when trying to load file”. A nudge would be appreciated (I’ve tried an msfvenom payload and others).

It worked fine for me. Make sure you are using the right architecture.

Does anyone else get an “incorrect flag” and “you have no active machine” error? I am getting it while submitting the user flag. Not sure how to fix it; tried login/logout and VPN disconnect/reconnect.

Is there some reading material someone can suggest to help me tackle the foothold? Looking around I can see some interesting points, but I’m not quite sure about how to go about making use of anything. I’m not even sure if I’m even looking at the right things. I don’t care if I have to spend the rest of the week just studying. I just want to understand more of what I should be looking for when I run into boxes like this.


Honestly same. I’ve done standard enumeration but can’t progress any further (stuck on some login).

Could someone give a hint for the upload directory?
Also, if someone needs hints up to this point (if you haven’t gone this far), you can DM me.


If anyone needs a nudge, feel free to reach out. Just let me know where you’re at.


Is SSRF the right path for foothold?

Hi!! How are you all? Hope you’re having fun. I need some help: can someone please give me a hint on the file upload? Hmm, I can’t bypass it. Is that the way to do it? Thanks in advance!!!

Anyone able to shed some light on getting root? I can see some options, but am stuck on how to exploit them.

DM me, happy to help.