I got a shell, but never saw the version where did you find it?
Thanks so much! Missed that option lol
Am I the only one who gets 502 Bad Gateway or is it everyoneās thing right now?
UPD: Now works okay, yay
1 Like
In my experience on the free tier UDP works better for websites and all, TCP makes shells work better.
anyone has anything on root? going nuts here
If someone can give me a hint to continue, I have found a PoC but when I use it I donāt get the shell, I donāt know what else to do.
Yeah I found like a dozen different PoC exploits that were all basically doing the same thing and none of them worked out of the box.
Had to finagle it manually and mess around with changing my Java sdk version.
For privesc, I wonder if thereās a way to access the DB for the website, there might be admin creds there. Anyone found where thatās stored/how to read from it?
This is what I originally thought of, spent forever looking for. Ended up finding a file with creds but were all default and didnāt seem to be in use on the site. Maybe I should go back to this
were you able to access the underlying database?
No. And I couldnāt find any .db files either.
Iām stuck on root. Have spent a lot of time on what feels like a rabbithole in user home folder. Going back to looking at other options.
1 Like
bro iām just running linpeas over and over again and banging my head against the wall at this point
Thatās what I thought, but idk I donāt have anything better to do, itās our best bet so far I think
I wondered about that.
Iāve found a possibility somewhere else. (NB, it might also be a rabbithole)
Anyone able to give me a hint to get a foothold? I have enumerated like mad, bootstrap version, directories, subdomains, ports and I have suspicions but nothing to dig my foot into. Any help would be great guys, thanks
Have you tried fuzzing the directories you have identified again for further directories?
1 Like
@TheSinister418 sent DM
directory enumeration is the way to go, from there just search whatever you find online