I have the same issue how did it work out for you?
For me what blocked me from getting initial foothold was that i was not getting through to the internet⌠You have to customize something to get it to work. Go through it and understand what is happening and what it should do.
Exploitation wouldâve been far easier if the VMâs had an active internet connection. Had to do some script modifications just to get a shell.
This machine was fun! The hard part was to deploy the shell into the machine, my recommendation for the beginners is stick to the basics, so when you get a shell what you want is to elevate the shell itself, once you find a password try to do the recon steps inside the machine. You will find some interesting services inside the machine. The root flag is an easy one to get once you find that service to exploit!
A little bit late ^^
Did someone get a root shell or you only get the flag?
The form always gives me âFailed to submit form. Please try again later.â And the other users donât want to do a reset. Is that me not getting something or is it the machine?
I found how to access it, but there was a minor things, almost there little bit sad
ok so this one def wasnât as hard as it seemed, good intro to xss⌠i found 3 dif exploits for the CVE, but only one worked correctly (the one named âCVE-xxx-xxx.pyâ)
I never actually found the shell already on the system.
the rest was easy
yes that should work. windows defender will tell you the script is a virus, but you can git clone straight to vm
hello! what have you tried? after an nmap scan. you want to use gobuster (and FFUF more importantly) to enumerate directories, then see whats available to you on your browser. you will be able to find a CVE based on a certain service and its version. DM me if you still need help