Official Heal Discussion

R00cKet · December 16, 2024, 11:27am

Sometimes it’s broken. You need to reset until there is port 80 open

retr00h · December 16, 2024, 11:34am

For root, am I supposed to login to a specific internal service?

RayanArcadia · December 16, 2024, 11:44am

I have been sitting here for 2 hours. But the catch is that I haven’t even opened the website yet cause Port 80 is closed even after the 3rd reset and my friend’s second reset.

binbashsu · December 16, 2024, 12:53pm

Having the same issue here, I assume that Port 80 is meant to be open and even trying to connect to it directly doesn’t work.

gOtpWnedd · December 16, 2024, 1:11pm

My linpeas is not working? How else can i find the vulnerable service that is running so as to get root.

SighnWaive · December 16, 2024, 1:16pm

Try a netstat -plnt and also a ps aux both of these will give you some useful information. Specifically, netstat will show you ports that are being listened to, and then ps will give you the process list that you can look for the application that might match those ports. Linpeas is great, but i suggest learning a bit of enumeration without it, then use it to make your life easier.

SighnWaive · December 16, 2024, 1:17pm

NO, the box is broken here, try resetting it, or connect to another VPN. This box seems to have an issue during instantiation.

zzero · December 16, 2024, 1:34pm

em I am having problems viewing the files by LFI. Any help/hints?

d41y · December 16, 2024, 1:36pm

Read the Docs and try 2 levels below

Loydt · December 16, 2024, 1:40pm

What seems to be your problem?

zzero · December 16, 2024, 1:42pm

I know which files to point to with the LFI and where I have to do it. the thing is that it doesn’t show me the content.

gOtpWnedd · December 16, 2024, 2:02pm

Can anyone please help me on how to use the exploit.py

0xalam · December 16, 2024, 2:07pm

I have LFI but not able to locate correct files any help.

d0bby · December 16, 2024, 2:47pm

Can you DM me please?
About the token.

Never mind: just a matter of paying attention to get it.

Username123 · December 16, 2024, 2:49pm

I found this to be helpful

psychobytes · December 16, 2024, 3:50pm

im stuck there too. how to find the token ?

i get it now haha.

relampag0o · December 16, 2024, 4:22pm

never mind just figured out how to get to the LFI…

voyager77 · December 16, 2024, 4:33pm

I’m stuck with LFI.
It doesn’t feel like I’m on the right track.
Also, I’m encountering a lot of 530 errors.

binbashsu · December 16, 2024, 4:53pm

Make sure when you are exploiting the LFI that you have a valid Authorization: [token] header set and try investingating ruby on rails configuration files

Slxyre · December 16, 2024, 4:57pm

For vulnerable internal services you can check processes, with the netstat command in linux. Or ss command.

Example:

ss -tunlp
netstat -tunlp

TheCyberMentor has a great linux privilege escalation course free on YouTube. Skip to the processes section of the video and apply the knowledge

Topic		Replies	Views
Official Shared Discussion Machines	34	5450	October 22, 2022
Official Moderators Discussion Machines	12	2479	October 17, 2022
Official Driver Discussion Machines	72	9544	May 5, 2022
Official Backdoor Discussion Machines	93	11138	May 30, 2022
Official Seal Discussion Machines	74	8591	November 13, 2021

Official Heal Discussion

Related topics