forged c***** doesn’t match the original one and it didn’t get accepted by the server (I brute forced the key)
Anyone can help with that?
try to find another user and forge the c****e with that login found
the problem is I tried to forge the c****** with the same user I created and sent the request to the server, but I get the status unauthorized
I found a User (b***), and was able to get access to the F * P Server via the information I found in the profile. I am not sure if there are more users or should I focus on the found F * P access?
Try the password pattern with another possible user(F*P)
Hello,
sorry to bother you, I’m trying to get the user flag. By now I have the user ftp_admin and two users of mysql, root and DB_user, but I’m stuck and I don’t know how to move forward. I imagine that app.py has some way of being exploited but I don’t see it.
A greeting and thanks
You’re on the right track. Look closely at everything. Does it have some kind of converter from one format to another? *D-**F
Hello,
Converter, what do I need it for?
A greeting and thanks
Hello, I am stuck on finding another username, I know how to forge the c***** but cannot find a user.
Hi,
There are some posts in here that are good clues. You might need to write a for loop or something and iterate through until you find something that works.
Thank you, I got it with a loop but some people here wrote that this is not necessary but I could not find that way.
Ah yes, I saw that too. No idea how they figured that out!
hi @M3rlin,
i am still somewhat stuck on this part. i’ve read the code, see the location it is supposed to be saving to along with the randomness and the allowed file extensions but i still can’t get a shell.
my question is do you need to find what you upload on the server, then hit it with curl or a web browser and then it pops a shell or do you get a shell as soon as you upload?
perplexed in Seattle,
wayl0n
Hi wayl0n,
The second one
Hello… I am analyzing the source code but I don’t know how to exploit to get the s***l, I know it is in the *D-**F converter but I don’t know how to exploit it.
Hi, The same thing happens to me as to you, I can’t find what to do with that .py.
it’s going to need a little reverse engineering chaps. What is the program doing, calling, expecting etc
Looks like the web service isn’t responding. Did someone DOS the ckeditor? Can we get a reset? I’m at the reverse shell, about to finish this thing, and would like to do so before I start dinner.
Hey @M3rlin,
Thanks for hitting me back on here
it’s calling that converter and is expecting two arguments (one is the content of the .** file that i am serving up with a HTTP server and the other is the random target file)
i’ve tried various metacharacters in .** file i am serving up like & or && or ; in order to get the app to run it when it calls out to bash but it isn’t working.
i’ll slam some more cold brew here
if anyone is stuck on the PDF part, and needs help getting the shell, send me a dm