Official OnlyForYou Discussion

system · April 22, 2023, 3:00pm

Official discussion thread for OnlyForYou. Please do not post any spoilers or big hints.

HelloThere · April 22, 2023, 8:20pm

Found a way to peak into the files, but banging my head against what to do next. I try to enumerate anything that comes to mind nothing valuable shows up.

Anyone has a hint ?

m4rsh3ll · April 22, 2023, 8:26pm

Is it normal that the web server takes forever to respond? Only 1 page loaded.
Rebooted the machine. Now even redirect does not work.

spaceboy20 · April 22, 2023, 8:26pm

imagetrick is rabbit hole?

Some0neGood · April 22, 2023, 8:52pm

@spaceboy20 Yes

fxoverflow · April 22, 2023, 9:26pm

Hello, The source code shows you how the application handles things in the upload it’s a good hint about the vulnerability

HelloThere · April 22, 2023, 9:31pm

Wow ok I got it.
If anyone got stuck at the same point as me here is a hint :

What is the language used on the subdomain ? Maybe the dev used the same language on the main domain ?
Keep that in mind when fuzzing for files that might exist on the box when abusing the L** vuln (-x flag on gobuster)

fxoverflow · April 22, 2023, 9:32pm

Yes, however I can’t determine the webroot or find files allowing me to move forward.

HelloThere · April 22, 2023, 9:36pm

Look into the HTTP response headers : is it nginx or apache or something else entirely ?
What is the default place where people put configuration stuff for this software ?

dvir145 · April 22, 2023, 9:38pm

this was the first thing i tried, am i missing smth?

HelloThere · April 22, 2023, 9:42pm

This is a bit too much info imo

N4v4S · April 22, 2023, 9:44pm

Well, I think you are right.

Offancy · April 22, 2023, 10:19pm

I am kinda stuck at the foothold. I am wondering where you guys found the LFI

Gamakitin · April 22, 2023, 10:23pm

any clue about PrivEsc?

fxoverflow · April 22, 2023, 10:23pm

You have to read the source code to understand the logic of the application. It is not for nothing that you can download it

HelloThere · April 22, 2023, 10:54pm

Rooted.
Although root is very easy, I would definitely put the user part in “hard” levels of difficulty.

While all makes sense, you have to guess quite a lot of things.

If you are stuck, feel free to reach out for help.

Offancy · April 22, 2023, 11:02pm

Got it

Paradise_R · April 23, 2023, 12:37am

Finally home, I hope this cold don’t hold me down on solving the machine

greder · April 23, 2023, 1:56am

I am advancing a lot I found the webroot of the main application I am trying to find some more code inside this directory if someone needs help they can write to me I can give information how far I have come

lim8en1 · April 23, 2023, 4:06am

Pwned that box, it’s a good medium box, closer to the easy tier. I’ve needed to do some research to inject properly (it was the most fun part of the box btw).
Some hints:

user: enumerate, don’t forget about default creds and config files.
root: check your privileges, try running the exploit without sudo first (easier to debug and develop that way)

Topic		Replies	Views
Official Resource Discussion Machines	154	4333	October 29, 2024
Official Late Discussion Machines	296	18034	July 30, 2022
Official Visual Discussion Machines	106	7592	February 22, 2024
Official Encoding Discussion Machines	21	2889	November 14, 2023
Official Paper Discussion Machines	312	18042	May 19, 2023

Official OnlyForYou Discussion

Related Topics