You’re Hacker and clever, with mind so bright,
Your intelligence shines like a guiding light.
Default creds aren’t working for me if it’s n***j that we are looking at. Struggling to find any config files that www-data has access to beyond logs and systemd. Any hints?
Try to understand what technology stack is used for the web server first. Maybe whatweb may help you with it.
I'm stuck in webroot, other hint?
We talking user or foothold here? I already have shell as www-data
Eh, I thought that was about the foothold.
I’ll PM you
Can anyone pm? I am at w******* user
Same here. A small hint, anyone?
“99.99% of people backspace their whole password, when they just mess up one letter”
Should this hint be used somewhere?
The problem was in VPN. The European server was only able to respond with 1 subdomain main page. This is weird.
Try to enumerate the open ports. After you have identified which ones are open, make your life easy using chisel.
Anyone getting?:
./chisel: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.32' not found (required by ./chisel)
./chisel: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by ./chisel)
Hint please
Have shell as www-data. Working to explore the ports.
For those struggling with shell, I suggest digging through the source and replicating the vulnerable code locally to test different payloads.
Can someone DM me about user? I’m not a psychic, I can’t just guess creds in a bunch of services. Anyway default is not working. I was trying…
Any hint for root? I can’t even download uploaded files, 404 not found …
Try switching from private to public, and remember that that thing resets every 60 seconds so you have to be fast
Anyone see a website with bg.jpg? Is it a rabbit hole?
I was also able to get initial foothold but can’t connect to neo4j. Can anyone DM me for hint?
Tip for anyone struggling with initial foothold - once you find the initial vuln in source code, FUZZ, don’t guess.
Not so many frequent questions in this machine, they were pretty diverse, but something that seems to be a problem for most are these two little things
For anyone who wishes to know, it is possible to see the webroot from nginx configuration files and after this, you can fuzz the files to find the source, although there is a faster way to retrieve files, don’t rely on guessing, but make sure your guesses are lucky ones
And for the injection, yes, some of the payloads in hacktricks won’t work, but those that do will give you everything you need, just make sure your server is set up correctly
Aside from this, at anytime, R is always here, just send me a message