Thank you guys for the hints in the comments, it really helped. So I will leave my comments.
Since this is my first time doing this, I'm sorry if it's a spoiler; not sure how it works, but I would appreciate it if you exclude it in that case.
Foothold: Basic enumeration will give you some code; read it. Most people only think of the L** vuln, but there is a file with HTML code (only basic HTML? Not sure) that can give you an idea of what else you can do… So, you can read, you can write, just think a little bit.
User: I struggled with this. You are probably in the right folder and tool, but developers do not work alone and they like to separate stuff as well; Google it. After that, if you did a good scan, you found something you could not use in the past. What now? (This comment helped me a lot.)
Can I get a hint? I'm stuck at the L** and have been messing with the C****** trying to get a reverse shell and also trying to find "Public" files through it. I looked through the .*** folder and found the L*** folder and think they are creds, but don't know how to "use" them.
Has anyone been able to exploit via the Werkzeug debugger yet? Just wanted to check if you are able to execute commands on the interactive console. I tried the debugger way but was unable to execute any commands on the interactive console.
Is checking git also a dead end? Even though the developer adds the .gitignore file in a future commit, I can't really find any exploitable differences in the git log.
Please someone help me.
I can exec some commands in the Dxxxxr cxxxxxxxr's shell via the console, but I can't establish an outbound connection like 'console> nc my-ip my-listen-port'.
How did you exec a reverse shell?
If anybody has any tips for me, that would be highly appreciated. As far as I can tell, you need to use the upload functionality and then trigger the reverse shell from it somehow, but to do that I need to modify the v***.py file, I think, and I seriously don't understand how I can do that. Also, I was able to find something strange in the *****.json file when checking the git history; don't know if it's important or not.
Guys, I'm stuck on the console page.
I don't understand the hints either; I don't know what I should do with the .py files. I used run.py for the console's pin, but couldn't go further.
Could someone DM me? I need a straight hint.
Edited:
OK, now I checked "show hidden file", and I discovered a folder named .git; don't know what to do yet.
How can I unlock /console? I am stuck here. The pin that I generated is invalid. What user name should I use in the pin generation phase? HELP PLEASE.
Hi everyone, I have tried almost all ways in getting the foothold but to no avail.
I understand not to place much attention on the /console pin, as there are other ways such as reviewing/modifying the downloaded source code (views.py, utils.py), the HTML code and the .git folder. However, I still did not have any luck obtaining the user flag.
I managed to get a shell in the Docker container, but that is as far as I can go. I have also tried to break out of the Docker container but failed.
Would really appreciate it if anyone can reply/private message me some hints on where I can look next. Thanks.