did you update exploit to upload rev shell from your local machine?? ping me if you need help.
can anyone help me? i managed to get a reverse shell but i canāt get privesc 
Hello I canāt acces to the Contact web page. I donāt have network connection problems and I delete proxy and dns on firefox. Do someone have an idea ? Thank you
Does anyone repeatedly get āFailed to submit form. Please try again later?ā Iāve tried everythingā¦but I canāt vote to reset the machine, anymore
there is unusual port open, do port forwarding to the local machine, capture traffic through burp.
did you add the ip to the host file??
Could someone explain why this is an easy one? It seems a bit long with tricksā¦it seems medium.
1 Like
Hey, hi! How are you? Iāve been stuck on the SEA machine for two days now. Iām in contact with them, but I donāt know what to do anymore. Could you help me a little, please?
Hey, hi! How are you? Iāve been stuck on the SEA machine for two days now. Iām in contact with them, but I donāt know what to do anymore. Could you help me a little, please?
1 Like
guys wtf going on with the password hash , i delete the backslashes ā" but cant crack it i got message 'Token Lenghtā on hash cat. I see is a bcrypt hash must be 60 characters long but idk what else to deleteā¦
Any hints???
***edit just found the password now going for the root flag
root flag was easy
1 Like
I have a problem with malicious link
I am using this exploit GitHub - prodigiousMind/CVE-2023-41425: WonderCMS Authenticated RCE - CVE-2023-41425
Does it the normal one?
Well this was definitely a frustrating foothold.
I almost tried the āeasierā path but glad I stuck with the script.
Definitely a learning experience not to rely heavily on some ārandomā script.
Read carefully and understand what is going on there.
Something is definitely wrong with it, but what ?
You can DM for help guys, but only after carefully inspecting said RCE.
1 Like
This machine is buggedā¦ Tryed to reset 4 times:
First time the form wasnāt avaible
Second time the form was not accepting any type of POST
Third time the machine was unresponsive
Last time, all the **S was completely ignored after 2 hour of waiting.
Very bad.
found monitor, found LFI on it, no idea anymore, help?
I have the same issue how did it work out for you?
For me what blocked me from getting initial foothold was that i was not getting through to the internetā¦ You have to customize something to get it to work. Go through it and understand what is happening and what it should do.
Exploitation wouldāve been far easier if the VMās had an active internet connection. Had to do some script modifications just to get a shell.
This machine was fun! The hard part was to deploy the shell into the machine, my recommendation for the beginners is stick to the basics, so when you get a shell what you want is to elevate the shell itself, once you find a password try to do the recon steps inside the machine. You will find some interesting services inside the machine. The root flag is an easy one to get once you find that service to exploit!
A little bit late ^^
Did someone get a root shell or you only get the flag?
The form always gives me āFailed to submit form. Please try again later.ā And the other users donāt want to do a reset. Is that me not getting something or is it the machine?