Totally got stuck with that s**i for the last 24-30h. Trying different places
You can solve the “place” issue quite quickly. Enter something and see what the output looks like. Then you know which field is the most useful.
and different payloads without any success… I think it’s the pe or nt params but I’m not sure… maybe not.
Can somebody please send me a good article which can help, or a little nudge in PM about what I’m doing wrong? I’ll explain what I already did. Thanks guys!
PortSwigger is a good resource. Also, if you search the term as words rather than the acronym, you get some very good hits.
Got shell but stuck on privesc, as usual. Ran linpeas but nothing stands out. Any nudges or general tips on how to improve my privesc game?
Well, it depends on your initial enumeration. In general for privesc, look at what’s running on a machine and see if you can exploit it. There isn’t really a shortcut.
This is a difficult thing to help with. I don’t know where you are stuck or what you are stuck with, so I can only start at the beginning.
Try using nmap to see if any ports are open. If they are, examine them. Find some more information from them which can allow you to redo your examination. Find a thing which takes input. Submit some things and check what happens. Find a way to tweak the output. Google for payloads on this thing. Use a payload. Get a shell.
I need a little help… should I keep trying s** ij*** on DSM? I have tried different kinds of byp*** but with no luck. Should I try something different?
Got a foothold, but I’ve got much, much reading to do about this; after all, the goal here is to learn new tricks as you’re owning the box. Thanks @egotisticalSW
Got root? Got root. Quick little box, thank you @egotisticalSW. It took me far longer to move from the foothold → user, but once I did it was a quick path to root.
root@doctor:~# id
uid=0(root) gid=0(root) groups=0(root)
root@doctor:~# hostname
doctor
root@doctor:~# ip addr show dev ens160| grep 'inet 10'
inet 10.10.10.209/24 brd 10.10.10.255 scope global ens160
I don’t think this gives too much away… What might a developer use to help present dynamic content on a website? That thing is vulnerable. Look at the HTTP responses. There is a small clue of what flavor is being used based on the type of server that is responding. You can fuzz for clarity. Once you have some sense of that, review the code for the path to actually trigger.
Who can help me with a nudge?
I have enumerated ports 22, 80, and 8089. I found one login on 8089, but so far that is the only login I have found. I tried checking requests with burp and enumerated with dirbuster. I’m pulling my hair out trying to get a foothold. HELP!
Try one of the other ports. Look at the information it shows you and modify your request to include that.
If you are really stuck, read through the previous questions here as it has been asked a couple of times.
Okay, I’ve checked out 80 fairly closely. I noticed all the pages are the same no matter what I click. I tried enumerating directories but no new info. What am I missing?
It kind of depends on how you are requesting them. They have the info you need to get past this issue.
I feel like I am most likely missing something staring me right in the face. I edited my H**t-file to reflect the correct address of the box, but that hasn’t helped… I usually do that anyways so I don’t have to continuously enter the IP address. Can I PM you?