and also tried fuzzing after .git but didn’t found
Got root. Thanks to @ph0bos
1 Like
Can I get some help with getting user, I have a foothold but ive been doing a dum dum for a while trying to smuggle with the public POC.
Anyone I can PM?
Edit: Ive been trying to do this but i dont think permissions are on my side
Edit got it was a lot more straightforward than i thought
Thanks @H0ld3n for the nudge
did you get help? …I might give you a hand
I can read file but what next can i do please help . anyone ??
Lol same I feel that😂
Any hints on exploiting the web page? im kinda stuck
Help me bro DM . PLEASEEEE
someone can help me with privesc? i found the script but i cant exploit it
look closely what other programs are used
Solid Easy level box.
Enumerate, and then enumerate some more.
If you find something, use other tools to mine info. That will get you to user.
Once user, enumerate some more, see what is running. Understand the parts of it and what might be vulnerable.
Use gitdump tool
Hey i am able to read files from the host but can’t find a way to rce any hint guys ?
brothers, needa little tip!
dumped .*** dir, all right, reading source f***s, but can’t think of how to use it in my purpose. please, DM me if u know!
Big respect everybody struggling & playing HTB
at least it will be cool if someone tells me what file is vulnerable
whatever you have in .**t the app uses it, so check carefully what tools do you have in the directory and what versions and if it vulnerable or not.
2 Likes
and read the source code as well!
1 Like
Need DM nudge. Found the exposed dir and got the program thats got the vuln. Can get LFI for some data but stuck where to go from here.
Is there any chance for reverse shell?
I found .git “repo” but I don’t know what to do with it 
Any hints?