Read the documentation for the service. You may not need a token, as there is another way. Try to understand why it’s asking you for a token in the first place and if that’s going to help you execute commands. Google for any exploits on the service and you’ll find an interesting one that will give you RCE. You don’t need a token.
Wow!
I successfully read /etc/passwd.
Thank you.
Is the machine broken? I can’t see port 80. Been happening since yesterday.
What documentation are you guys checking to know the project location and point with the LFI? Can’t figure it out…
It was really hard to get all the way without hints… Still, I think this is a good box; you need to work clean and exhaust the possibilities. Small riddle to help some people:
The slow-witted son of the police chief might help you to get into the house, but after that just leave him alone, he is just doing his thing.
Documentation is not for LFI. Documentation is for the service once you have a foothold.
I see. How did you figure out the project folder then? Tried the most used ones and got nothing so far.
LFI is on a webpage that has a certain framework. Look for interesting files in that framework. Google is your friend.
ChatGPT: ‘interesting configuration files for ruby on rails’ - exhaust the list that it outputs until you uncover something.
Obtained a hash, now need to figure out where to use it haha. Thanks!
Bro, I found a hash and master key but am not able to decrypt it.
THIS WHOLE TIME ■■■. I thought it was meant to only have ssh open. SMH
How to get the token?
Rooted!
Regarding the token, you’ll understand it quickly by reading the documentation.
Hi,
I’m having problems with a port that is a crucial entry point for the initial attack. Sometimes it’s open, but far too often it’s closed. Restarting the machine doesn’t seem to do the job.
Any suggestions?
Br,
P
Hi,
I observed the same (even after 3 restarts of the machine).
I believe someone is doing too much bruteforce for subdomains and/or endpoints.
In my case it killed the webserver once, so that’s why I think this is the reason.
Found another login panel but… how did you guys discover this one? I was able to because I got told about this… Tried fuzzing it and couldn’t get it.
If I brute-force directories/files I get 503 Service Unavailable. I have managed to crack the hash for the r***h user but don’t know what to do next. SSH is not working for the user.
All of the directories/sub-domains can be found through general use of the application. Fuzzing isn’t required to uncover these.
One sub-domain and its associated sub-directory are revealed by just generally playing around with the web application hosted on port 80 and intercepting the requests through Burp Suite.
Similarly, the other sub-domain is found through playing around with the application. The admin panel that you’re referring to is probably this one, and some common knowledge / Googling about that particular service will reveal the subsequent different sub-directories.