tmp_name = random name…
red the WEB.
"A license files contains a 512 bit key. That key is also in the QR code contained within the OSTRICH package. Thank you for participating in our beta testing program. "
i believe the magic is here.
i am in the same point
Thanks for patiance and hint, I will think more about that!
I got one more b****y, but it does nothing. Is there anything more?
Got the L**, the b*****, analyzed it and traced “somehow” how it works. I still have an issue making up the payload. Any PM’s would be appreciated.
From my point on view: The “QR” code is rabbit hole. Try to understand the workflow. What will be called after uploading the license file? What will happen after that?
What is so special about those pages? Any hint?
w00t! got user. what a ride! I really learned something here!
Try L** and get that important file with users. Still stuck in front enumerating L**
what file did you examine to get user?
nothing special, just basic web enumeration for hidden pages/directories.
1 Like
user wasn’t actually that hard. the foothold before being able to get close to user was the cool and tricky part. for user, i looked around, saw something, tried something and to my surprise it worked.
2 Likes
(Firstly, do basic web enumeration to get idea about the whole website, before any other enumerations)
Some basic usages on LFI:
- access local files outside website root;
- leak source code;
- enumerate processes.
You’re right. As always, and it’s the case for myself. I lose time at recon.
i enum proces. i have l*****.s**** and b*****
in local i can change the l****.s**** but not in remote…
i need some tip
dang… can somebody reset the machine pleeeease? i keep destroying it (and have reached maximum resets)
its running ok
i reset 20 min ago
no, I broke it after that 
i need help
i trying exploit S******
#
i’m stuck on b*****, i have a****l*****. too, but i don’t have any idea from here. Any hint for me? <3