I can’t bypass 403… Are there any more hints?
Thx to the “nice person” who changed the tomcat user password over and over again.
I’m stuck, I know how 403 endpoints are secured but I don’t know how to bypass. 
EDIT: rooted! root is super very easy, but user and initial connection are not obvious.
Struggled with foothold and user. At least root was easy 
DM if you need a hint.
Jesus… Foothold was brutal… Once you’re on the box user/root are cake walks!
man these people, first when i doing nmap i got ssh keys… i ignore them that time… now second time with linpeas i can see it’s in written folders… well why people don’t delete once they are done…
Type your comment> @mayomacam said: > man these people, first when i doing nmap i got ssh keys… i ignore them that time… > now second time with linpeas i can see it’s in written folders… well why people don’t delete once they are done… Vouching for this. I started cleaning up as I went from all the files people left behind. I decided to ignore it all after my 5th file delete and just reset the box once I rooted. Foothold was a know how trick for the application you encounter (google a lot). User was brutal as well as many said. Start with looking around in common folders and find odd files. Root was very straight forward once you check what you can run as root on the user.
For people that got the foothold by themselves, how did you find the to***t vulnerability on google? I spent almost an hour on google trying to find a suitable vulnerability for that service, and I didn’t find that accu****x website that describes the vuln. I’m wondering if my googling skills are lacking.
I can’t seem to bypass 403 while deploying a file. Can someone give me a nudge? Doing the same trick that allowed me to get in in the first place
EDIT: I got foothold, ■■■ it was so obvious that I hate and love this machine simultaneously…
I’m on the same boat. I was looking for generic techniques (some hints on this thread definitely didn’t do me any favor…) but also for the front “technology”, thinking that was what I should dodge, whereas I neglected looking for the rear end to discover this very specific vulnerability. If you look for the back side specifically it’s one of the first results My google-fu definitely let me down.
I keep running into this bizarre error on my path to foothold
FAIL - Application at context path [/r] could not be started FAIL - Encountered exception ****
If anyone had this issue how did you get around it?
Hey so I’m on user. I see the .y** file that does the b*s and that whole process, but I’m not seeing how to lk them to the user L’s .ssh. May I have a nudge?
Classic asks for help and you figure it out in 5 minutes… -_-
Finally rooted not to easy
Thanks. Finally rooted. stucked at upload for too long.
one format got success, while another got Tomcat 403 error (not nginx 403, the same one got access to manager with no error), anyone knows why?