Can someone give me a tip? I got the right page on my local machine, but I did some fuzzing and got nothing useful.
Greetzz
Yes… try editing the script and point it at a certain path… But first you need to use a tool to scan something maybe for directories…
I mean for root
For root I've been enumerating and I managed to find /a***** and /li**_se*****, also tried the PoC but I'm not getting anywhere. Any hints?
My bad lol, try fuzzing then look for something that leads to a CVE.
Try nmap
You're on the right track, try looking for something that leads to a CVE and use what you've found.
What did you get based off your fuzz results?
Thanks for the help
I got assets - this contains js and css. But with nmap now I got a PoC, but I am getting status codes 400 not found.
If someone needs tips I am ready to answer.
This is where I'm stuck. No payload I've used so far has done anything. I read the PoC but still unsure.
Use the BusyBox payload on revshells.com and use sh instead of bash.
Ahh thank you!
I'm so confused, where do I put the payload in the file?
You need to figure out the actual exploit first before you start dropping in payloads, look up cif file exploit and go from there.
Someone probably has scripts that automate pretty much everything, especially these easy boxes.
Copied the PoC from the exploit, not sure what payload to put into the file or where, used revshells.com to try and get it a hit but nothing seems to be working? Maybe I'm not putting the code in the right place, idk.
Look at the code, somewhere in there you'll see a bash command in quotes.
I think I got it, just can't seem to find the right code to input, guess it's just trial and error.