6 hours to go, started to get worried
Rooted!
@T0v1r 's comment got me out of a rabbit hole.
What a large hole…
Finally i can sleep
By the looks of it the default creds are no longer a viable attack vector.
I’m trying to bypass the 403’s.
I’ve tried a bunch of things so far, and I think I’m on to it, any hints?
Has anyone rooted since they did away with the default creds?
I am really stuck on foothold, it seems like the machine was updated and some of the techniques some older hints talk about no longer work. I would appreciate some guidance, so far I have just found The credentials for margo
why gitbucket doesnt have the default creds ive been trying everything and i cant sign in
Same here. I tried looking for some SSRF vulns but got nowhere. I even tried to brute force the the jwt token to crack the secret.
Then I tried to bypass the the 403 warnings and get to /download or /logs but cant get anything going.
Anyone willing to drop a hint for us? You could even seize the opportunity to send me down a rabbit hole just for fun lol.
Am I even going in the right direction here?
Anyone?
Was this box patched or something? The default creds aren’t working for the service running on 8080
. Even after a reset, the defaults don’t work.
Yeah this was the unintended solution that has being patched. Still trying to figure out the intended way in.
I got a way to get a cookie on the portal, but I don’t see how I can use it… Any help would be appreciated.
It can be used to CSRF through the XSS, however ACLs are still preventing access to /download and /logs. Any ideas how to bypass?
If the XSS is done right, you can use the cookie in one request to CSRF, grab and base64 the responseText, and make another request back to yourself containing the b64.
Although, without access to /download or /logs, can’t see the useful utility of this
I got the login for portal, but I don’t know how to continu. I cannot find XSS on the portal and was busy with request smuggling. No success till now. Who has a hint?