Official Freelancer Discussion

Aleee6 · June 2, 2024, 3:53pm

So rushing to sql console and trying to crack the found user hashes is a waste of time?
~8min left said by hashcat so i will find out soon

apirataun · June 2, 2024, 3:57pm

No cracking is required to user

Aleee6 · June 2, 2024, 3:57pm

Yay cool

apirataun · June 2, 2024, 4:00pm

Look for xp_cmdshell

Aleee6 · June 2, 2024, 4:01pm

Oh sh!t i always overcomplicate
So it kind of svc acc->user->root?

apirataun · June 2, 2024, 4:08pm

yep until user it is.

assquired · June 2, 2024, 4:36pm

I have used the release arena to no avail, I bit the bullet and got Vip+, it works now. a bit pay to win but I was fortunate enough to be able to shill the extra cost. After getting port 80 it is fairly straight forward. I wish you the best of luck mate!!!

assquired · June 2, 2024, 4:42pm

Could any of this be related to DDoS? I see there is a HTTP/2 and even on a VIP+ fuzzing causes 503 after a few mins. Are we accidentally DDos’ing the box? And on the free tier is this why no one else is able to see the port??? Lmaooo

sarp · June 2, 2024, 4:47pm

Stuck at admin panel. Can’t execute windows command

fucking xp_cmdshell doesn’t work

Aleee6 · June 2, 2024, 6:14pm

Same xD cant enable it. No perm. I dont see how could we use it
Im in with id 2, johnhalond, admin, superuser. Idk. We must overlooking something trivial i guess

bsnun · June 2, 2024, 7:16pm

Still trying to find a SQLI entry point.
Tried SQLMap with different request files and none of them returned nothing…

Vorderman · June 2, 2024, 7:28pm

Anyone have a hint for what to do once we have an employer user?

tekila84 · June 2, 2024, 7:43pm

You have to scan some code, then find the IDOR Vuln, In that code/link, to make your user admin, which you would then later login into the brute forced directory that you have found

Vorderman · June 2, 2024, 8:19pm

Let this be a lesson to others never to miss the equals sign when copying values!

FroggieDrinks · June 2, 2024, 8:33pm

Is XSS required on the recovery pages? If so can i get any hints please. Do I have to do both freelancer and Employer or just one?

Vorderman · June 2, 2024, 9:10pm

No, XSS not required. Definitely need employer so far.

sarp · June 2, 2024, 9:50pm

for the fucking second part which program did you use? volatility fucking giving nonse errors that are unsolveable

FroggieDrinks · June 3, 2024, 12:33am

Is the profile picture a rabbit hole or is that how I proceed ? becuase trying to get exiftools to play nice is frustrating Lol.

hacetuk · June 3, 2024, 12:42am

i don’t think you need it?

bsnun · June 3, 2024, 12:46am

Apparently so. Went through this rabbit hole yesterday and realized it wasn’t storing the file.
Ran Ffuf for the profile picture name, got a couple that could be accessed, but nothing useful.

Got an admin page and with the hint from @tekila84 I presume there is a Back End script that could make the registered user an admin, but I’m busting to find something.
Running Feroxbuster trying to find anything useful. From the source code I couldn’t find anything as well.

Topic		Replies	Views
Official Analytics Discussion Machines	245	11601	May 12, 2024
Official Mist Discussion Machines	25	2603	October 5, 2024
Official Cerberus Discussion Machines	211	10185	July 25, 2023
Super frustrated but probably easy to fix Machines	6	691	January 31, 2018
Official Resource Discussion Machines	156	4510	November 23, 2024

Official Freelancer Discussion

Related topics