Official Download Discussion

surajtheekshana · August 8, 2023, 3:02pm

can you help me to get root flag?

Bl4ckSl0th · August 8, 2023, 3:06pm

I was thinking about the filename in upload request…

htf · August 8, 2023, 3:09pm

I’m struggling to get the payload working for user. I keep getting 502 errors.

Help would be appreciated if anyone is free.

allFun · August 8, 2023, 3:55pm

if you check any of the requests to the site there is a header that tells you the framework behind this app
then I’d suggest using a tool like dotdotpwn

endiku · August 8, 2023, 4:41pm

is someone up for foothold?

chrispydizzle · August 8, 2023, 5:18pm

The monster is not strictly necessary, it just happens to be reliable and one of the few already existing tools that do what it does. It’s feasible and probably would have been much faster to write something more tailor fit, but I just used the monster in an embarrassingly messy hodgepodge way to get my end result.

respawn · August 8, 2023, 6:24pm

You can DM, explain what you did and where you are stuck. I can and will answer but a tad bit later; thus, expect delays. Or hit me up on discord.

And to the above questions, hope it’s not too much, no, no, no. Brute force the sig, LFI related to phpmyadmin, and no need for .env file.

SharpOrs · August 8, 2023, 10:20pm

I have done the cookie stuff, impersonate every user… is the magic on any of the user’s files? Still have no idea on how having a shell…

cyleigh · August 9, 2023, 12:32am

Can I get a nudge on how to find the LFI. It really isn’t jumping out at me even though it sounds like it is easy.

M3Y · August 9, 2023, 12:44am

tec · August 9, 2023, 3:03am

useless files. focus on the attack vector instead. what else is stored?

M3Y · August 9, 2023, 5:51am

easy machine

trungkay · August 9, 2023, 7:08am

I’m stuck in getting foothold. Can someone give me a hint?

HMS · August 9, 2023, 10:10am

I was wondering how to use the power of the monster after acquiring it, but thanks to @tec I knew the way to go and got the user.

4wayhandshake · August 9, 2023, 10:15am

Nah, I didn’t use the monster. Made my own tool using what I had already discovered by that point.

Bl4ckSl0th · August 9, 2023, 10:49am

I found a possible LFI in upload packet, but I can’t find any header who indicates the framework behind this app. Anyway, I already found it using wappylyzer, it is Express right?

tec · August 9, 2023, 10:55am

Right.

Read the title!

Bl4ckSl0th · August 9, 2023, 10:58am

So I must inspect download packet, It seems to me that there is nothing strange

Sn0oker · August 9, 2023, 12:10pm

Can someone help me with the last user part ? I’ve read other users files but don’t know how to reach something else.

whiskerz · August 9, 2023, 12:19pm

Might wanna look into directory traversal.

Topic		Replies	Views
Official Horizontall Discussion Machines	174	24738	December 12, 2024
Official Resource Discussion Machines	153	4567	November 23, 2024
Official RopeTwo Discussion Machines	82	10667	January 18, 2021
Official Worker Discussion Machines	303	30032	March 4, 2021
Official Compromised Discussion Machines	210	22190	January 25, 2021

Official Download Discussion

Related topics