Official discussion thread for OnlyForYou. Please do not post any spoilers or big hints.
Found a way to peek into the files, but banging my head against what to do next. I try to enumerate anything that comes to mind, but nothing valuable shows up.
Anyone have a hint?
Is it normal that the web server takes forever to respond? Only 1 page loaded.
Rebooted the machine. Now even redirect does not work.
imagetrick is rabbit hole?
Hello, the source code shows you how the application handles things in the upload; it’s a good hint about the vulnerability.
Wow ok I got it.
If anyone got stuck at the same point as me, here is a hint:
What is the language used on the subdomain? Maybe the dev used the same language on the main domain?
Keep that in mind when fuzzing for files that might exist on the box when abusing the L** vuln (-x flag on gobuster).
Yes, however I can’t determine the webroot or find files allowing me to move forward.
Look into the HTTP response headers: is it nginx or apache or something else entirely?
What is the default place where people put configuration stuff for this software?
This was the first thing I tried, am I missing smth?
This is a bit too much info imo
Well, I think you are right.
I am kinda stuck at the foothold. I am wondering where you guys found the LFI.
Any clue about PrivEsc?
You have to read the source code to understand the logic of the application. It is not for nothing that you can download it.
Although root is very easy, I would definitely put the user part in “hard” levels of difficulty.
While all makes sense, you have to guess quite a lot of things.
If you are stuck, feel free to reach out for help.
Finally home, I hope this cold doesn’t hold me down on solving the machine.
I am advancing a lot. I found the webroot of the main application. I am trying to find some more code inside this directory. If someone needs help, they can write to me; I can give information on how far I have come.
Pwned that box, it’s a good medium box, closer to the easy tier. I’ve needed to do some research to inject properly (it was the most fun part of the box btw).
- user: enumerate, don’t forget about default creds and config files.
- root: check your privileges, try running the exploit without sudo first (easier to debug and develop that way)