Official Stocker Discussion

Try checking with S#$ %%%%%ion… It has a login mechanism, so something might be stored which you can exploit…

Umh, can’t recall, but the PE is the one I sent you before…

Absolutely, I sent you a DM related to it :heart:

Can someone give me a hint, I am so close: I found the mongodb-connection string in index.js but obviously cannot connect to it because the port is not open. Do I have to make another iframe injection? Or do I need a different file?

Never mind, I found it. DM me if you need help. :slight_smile:

Incorporating AI into cyber security is the future I think.

When I try to get to the subdomain …stocker.htb, I get a message “view router info” and a redirect to https://…stocker.htb/cgi-bin/index.cgi which is my ISP info router stuff. I have already updated the /etc/hosts file as well.
Yet, I’m able to get to stocker.htb with no problems.
What am I doing wrong here, that I can’t reach that URL?

Hello, I got to a really good point with the machine, but I need to understand a quick thing before continuing. May I DM you?

Surely, any time you wish :heart:

I tried go******* and sub****** for enumeration, but it keeps giving me an error on 301. I also added the file on /etc/hosts, but to no avail. What’s the solution?

Worst box ever… I don’t know if it’s just for my VPN server or for everyone, but after bypassing login I can’t see the items and the “view cart” button is non-functional… It’s annoying because this is an easy box; a more difficult one showing such bad errors would’ve been more acceptable.

I think it’s your OpenVPN setup which is causing problems: I had a similar issue when visiting a website through a virtual machine with a VPN set up on my host machine. Maybe try to launch the OpenVPN instance in the VM you use to attack…

Hey, I got stuck when Burp tells me it found /login instead of /stock. All it does is web page not found. Do you know why this is? Thanks