Hello, look at the documentation of the software and try to see where the config file is; when you’re in the box, try to see this file.
Yes, like I said, look at the software config; as www-data it’s all you can play with, so search for the software config file on Google, you’ll find something interesting.
Stuck here at vhost enumeration.
Looks like none of the wordlists are working.
It would be great if you could nudge me a bit in the right direction.
Found the subdomain, and was able to log in with generic creds, but have no privileges. Is this the right approach or am I getting off track?
It’s the right approach; now look at the software you logged in to and try to find something interesting about it on the web.
When you try to enumerate vhosts with gobuster you have to add the flag “--append-domain”, like “gobuster vhost -u http://somewebsite/ -w /usr/share/seclists/Discovery/DNS/yourwordlist.txt --append-domain” and normally it will find the good subdomains.
Thanks for the advice from everyone; I have pwned the machine.
I got a shell on it using a CVE, but there’s not much to see.
I PM you to discuss the “not much”.
thanks, found it.
That user has access to web folder, maybe now you can read interesting files
no problem good luck friend
Hello, any tips regarding root?
I need help on root. Searched /v**/*** completely, cleansed every corner for info to root, but can’t even find the vector.
Any help pls?
Thanks a lot bro you saved me
Can’t find it for the moment; I’ll share when I pwn root, sorry man.
Thanks a million @Kr4t0s4s, I finally found the password and was able to deduce where to use it (that part was easier than finding it).
Thanks to you bro, yes, I learned to search for config files when I have a foothold! It’s important to search for the structure of the application on the web and read the documentation.
Finally rooted the box.
Thank you. I was beating my head so hard. Sometimes you gotta take a step back and look at the forest for the trees.