I’m using Official Documentation. Any better luck with the GitHub, do you feel?
Not very interesting, to be honest. For now :8000 feels like: 1. SQL injectable, 2. some kind of Blazor vuln, 3. rabbit hole.
It’s also very difficult to do basic directory fuzz with gobuster as it’s async.
Going back to :80
CVE-2023-36558 maybe?
That was my thought. No PoC I can find, so reading up on it.
Reading the disclosure for the CVE, it states you have to be logged in. I’m probably going back to my first two thoughts before I get trapped.
Did anyone look at the last JS script at http://lantern.htb:3000/login? Looks weird.
Seems like Blazor Server invokes .NET methods from JS. If there is no proper sanitization, it might be possible to execute interesting stuff.
You can interact with the DB in the ‘vacancies’ panel on port 80.
There are a lot of possible file uploads, but I haven’t tried any.
Found a hint somewhere else for initial foothold. Anyway, if anyone needs a very slight nudge, look for web servers.
Is it CVE-2018-0787?
Any hint for user? I got path traversal, looking for data.db, but no luck.
Sorry, on the sofa watching movies, so I did not see this before. It is mitmproxy. I love it: it is light and I have custom plugins, so it is perfect for what I need. I try to avoid closed-source tools. This is just one example of an add-on: ~rek2/mitmproxy_hacking - mitmproxy hacking plugin with utilities and commands for CTF and such - sourcehut git
I have only found an SSRF, have you guys found any other interesting things?
Is downloading the DLL the right path to take?
SSRF as well, along with the frontend framework.
Alright, I’m pretty stuck.
Definitely a lot of twists and turns in that box. Kudos to the author for a challenging box.
Can I DM for a nudge?
Not before 24 hours. Feel free after then.
ok