Official OnlyForYou Discussion

system · April 22, 2023, 3:00pm

Official discussion thread for OnlyForYou. Please do not post any spoilers or big hints.

HelloThere · April 22, 2023, 8:20pm

Found a way to peak into the files, but banging my head against what to do next. I try to enumerate anything that comes to mind nothing valuable shows up.

Anyone has a hint ?

m4rsh3ll · April 22, 2023, 8:26pm

Is it normal that the web server takes forever to respond? Only 1 page loaded.
Rebooted the machine. Now even redirect does not work.

spaceboy20 · April 22, 2023, 8:26pm

imagetrick is rabbit hole?

Some0neGood · April 22, 2023, 8:52pm

@spaceboy20 Yes

fxoverflow · April 22, 2023, 9:26pm

Hello, The source code shows you how the application handles things in the upload it’s a good hint about the vulnerability

HelloThere · April 22, 2023, 9:31pm

Wow ok I got it.
If anyone got stuck at the same point as me here is a hint :

What is the language used on the subdomain ? Maybe the dev used the same language on the main domain ?
Keep that in mind when fuzzing for files that might exist on the box when abusing the L** vuln (-x flag on gobuster)

fxoverflow · April 22, 2023, 9:32pm

Yes, however I can’t determine the webroot or find files allowing me to move forward.

HelloThere · April 22, 2023, 9:36pm

Look into the HTTP response headers : is it nginx or apache or something else entirely ?
What is the default place where people put configuration stuff for this software ?

dvir145 · April 22, 2023, 9:38pm

this was the first thing i tried, am i missing smth?

HelloThere · April 22, 2023, 9:42pm

This is a bit too much info imo

N4v4S · April 22, 2023, 9:44pm

Well, I think you are right.

Offancy · April 22, 2023, 10:19pm

I am kinda stuck at the foothold. I am wondering where you guys found the LFI

Gamakitin · April 22, 2023, 10:23pm

any clue about PrivEsc?

fxoverflow · April 22, 2023, 10:23pm

You have to read the source code to understand the logic of the application. It is not for nothing that you can download it

HelloThere · April 22, 2023, 10:54pm

Rooted.
Although root is very easy, I would definitely put the user part in “hard” levels of difficulty.

While all makes sense, you have to guess quite a lot of things.

If you are stuck, feel free to reach out for help.

Offancy · April 22, 2023, 11:02pm

Got it

Paradise_R · April 23, 2023, 12:37am

Finally home, I hope this cold don’t hold me down on solving the machine

greder · April 23, 2023, 1:56am

I am advancing a lot I found the webroot of the main application I am trying to find some more code inside this directory if someone needs help they can write to me I can give information how far I have come

lim8en1 · April 23, 2023, 4:06am

Pwned that box, it’s a good medium box, closer to the easy tier. I’ve needed to do some research to inject properly (it was the most fun part of the box btw).
Some hints:

user: enumerate, don’t forget about default creds and config files.
root: check your privileges, try running the exploit without sudo first (easier to debug and develop that way)