Official OnlyForYou Discussion

Official discussion thread for OnlyForYou. Please do not post any spoilers or big hints.

9 Likes

Found a way to peak into the files, but banging my head against what to do next. I try to enumerate anything that comes to mind nothing valuable shows up.

Anyone has a hint ?

Is it normal that the web server takes forever to respond? Only 1 page loaded.
Rebooted the machine. Now even redirect does not work.

imagetrick is rabbit hole?

@spaceboy20 Yes

Hello, The source code shows you how the application handles things in the upload :slight_smile: it’s a good hint about the vulnerability :slight_smile:

Wow ok I got it.
If anyone got stuck at the same point as me here is a hint :

What is the language used on the subdomain ? Maybe the dev used the same language on the main domain ?
Keep that in mind when fuzzing for files that might exist on the box when abusing the L** vuln (-x flag on gobuster)

1 Like

Yes, however I can’t determine the webroot or find files allowing me to move forward.

Look into the HTTP response headers : is it nginx or apache or something else entirely ?
What is the default place where people put configuration stuff for this software ?

this was the first thing i tried, am i missing smth?

This is a bit too much info imo

Well, I think you are right.

1 Like

I am kinda stuck at the foothold. I am wondering where you guys found the LFI :thinking:

any clue about PrivEsc?

1 Like

You have to read the source code to understand the logic of the application. It is not for nothing that you can download it :slight_smile:

1 Like

Rooted.
Although root is very easy, I would definitely put the user part in “hard” levels of difficulty.

While all makes sense, you have to guess quite a lot of things.

If you are stuck, feel free to reach out for help.

2 Likes

Got it :slight_smile:

Finally home, I hope this cold don’t hold me down on solving the machine :sweat_smile:

2 Likes

I am advancing a lot I found the webroot of the main application I am trying to find some more code inside this directory if someone needs help they can write to me I can give information how far I have come

Pwned that box, it’s a good medium box, closer to the easy tier. I’ve needed to do some research to inject properly (it was the most fun part of the box btw).
Some hints:

  • user: enumerate, don’t forget about default creds and config files.
  • root: check your privileges, try running the exploit without sudo first (easier to debug and develop that way)
1 Like