Official discussion thread for Retired. Please do not post any spoilers or big hints.
i got the L** but don’t known how to use that don’t have permission to read de* files
Are you surreeeee you found a L**?? Like 100% sure?
I’ve spent 4 hours on this box. Quite frustrating. I early on noticed the … I won’t call it a L**, I’ll call it a parameter. I used this parameter to look at a particular file to make sure it was a true L** and learned things there. Are my answers in that file or is this a super unrealistic rabbit hole?
I’ve read loads of logs, visited github pages. This sucker is static as it gets. No cookies or anything. I can make my browser do loads of things …um…remotely … if you will… but nothing touches the server. I don’t even want the points this far in. I just want to know how.
@jocker ^^ this hints at why I ask.
I guess this L** just allow to read what you need to know to submit the right file… However, I can not find what should be the right file to submit.
At least, now I know what kind of icenses and permits I need to farm ostrich and emus lol
i found a vuln via L** enumeration, and i can interact with it via R**, but cannot find a way to exploit it via this limited surface.
Got the bridge page. did not enumerate enough.
Anybody want to compare notes?
I’m not any further then the other posters here. With the L** I could get a bi****y though, which shines some light onto what is happening on that local elite port. Still could not trigger any RCE yet though.
keep enumerating. there are more pages than default.
i got that. i even got the bi—y that stuff is sent to in a*******_l*****.***
just this moment i got the l*****.s***** ok, maybe that’ll help
oh. alright. i got the bi—y before find the page.
extra info from L** helps exploitation.
I ran dirbuster against the http://IP/ as well as fuzzed the page= with the medium dictionary. What voodoo magic are you guys using to find this other page?!
Just keep in mind that size does matter.
It’s important to tell the tool what types of files you are looking for.
download and analyze it, then enumerate more to break some of the protections （taking advantage that you have more than the binary).
How did you manage to find the b****y?
Enumerate proccesses via LFI, or guess from php file