Official Sightless Discussion

Rocky03 · November 5, 2024, 4:07pm

Is the Blind XSS for the Froxlor service a rabbit hole or what am I missing? I’ve tried with different injections and cannot find a way to make it work
Please someone can help I’m stuck

HenkWWW · November 6, 2024, 7:08am

I’m still stuck at user. I still don’t get it. I try to ssh with the etc sh**** cred. but I can’t login. Or do I have to do things from inside the whale it self? Thanks in Advance

HenkWWW · November 6, 2024, 6:10pm

It works now, the hash is different, I think someone changed the pass yesterday or something. Thanks anyway

Ox4dm1n · November 8, 2024, 5:48pm

Hello guys, I have the user shell and I get the credentials for froxlor admin panel, now I am totally stucked inside that panel, I don’t know how should I trigger the PE.
Any usefull hint?

0x15k · November 8, 2024, 6:23pm

Sightless pwned.

ajx · November 14, 2024, 12:43pm

did ya find a way around it

ajx · November 14, 2024, 12:45pm

hello am stuck at the froxlor login page can ya give me a hint or something?

ajx · November 14, 2024, 12:47pm

but how can you get the creds of the froxlor login page give me a hint or something please

Kemuus · November 15, 2024, 12:37am

i cant crack the user hash, can u give a hint ?

missnapalm · November 15, 2024, 3:05pm

Hi, I found the subdomain s***** and the Github PoC, but I don’t know how to adapt the payload for revshell. Can anyone give a hint?

entropyZero · November 15, 2024, 11:20pm

Guys! Help! This is what I’m getting when I try to access the hidden website on my local computer:

Domain not configured

This domain requires configuration via the f*****r server management panel, as it is currently not assigned to any customer.
Please ask your provider/hoster if you have any questions.

THX!!

Zoked · November 16, 2024, 1:17pm

cant find a wordlist to hashcrack, can someone help?

Ripen · November 17, 2024, 3:31pm

Hi, I’m stuck on the first reverse shell. Does anyone have any hints ?

mr9hacker6 · November 17, 2024, 3:32pm

same for me…

mr9hacker6 · November 17, 2024, 3:38pm

For me, rockyou.txt was completely sufficient

SpiderBlondie · November 17, 2024, 6:00pm

Getting the same error

seVen71 · November 17, 2024, 10:20pm

So i am beating my head against a wall here. I have user flag and now stuck. Perhaps an elementary education in CDP? Any help would be appreciated.

seVen71 · November 17, 2024, 10:22pm

perhaps its a domain issue. hosts, etc.

mr9hacker6 · November 18, 2024, 7:05pm

Do you have the hash? How does the hash start? With $6$...? Then it is a sha512crypt. Or starts with $5$...? Then it is a sha256crypt. Or is it a MD5-hash? You can detect it with hashid or hash-identifier. If you have found the hash-type, you can use hashcat with the correct hash-mode and the rockyou.txt wordlist. And so you can crack it.

Zoked · November 18, 2024, 11:01pm

already got user by ssh, any tip for root?

Topic		Replies	Views
Official Resource Discussion Machines	153	4557	November 23, 2024
Official OnlyForYou Discussion Machines	186	12446	September 7, 2023
Official Trick Discussion Machines	346	19840	December 23, 2022
Official Sea Discussion Machines	370	12796	December 19, 2024
Official Undetected Discussion Machines	62	5610	June 27, 2022

Official Sightless Discussion

Domain not configured

Related topics