Official Trick Discussion

Official discussion thread for Trick. Please do not post any spoilers or big hints.

1 Like

Noob here. Any nudges or hints please

We can only help you when we know what you have tried already. Could you be more specific on where you are stuck?

Ive tried directory busting, look at page souce, looking for subdomains. Have a feeling it has something to do with smtp but what? i see no emails anywhere on the page either

Make sure to enumerate all the ports!


I’m administrator on the web but i don’t know how to continue…any hint please?


I will message you!

i saw what i needed as soon as i sent that!!!

There is an L** in index.php?p*** but i don’t know how to bypass the .php extension.

its a rabbit hole

guys, I don’t know hoy to bypass the .php extension, can you help me, pls?

what do you mean with that?

I just got the admin access and find a way to upload something but still can’t able to bypass that…any hints @anyone?

I’ve always find in the source php files something related to upload but I don’t know where is, any hint please?

Can’t find the subdomain, what I am doing wrong?

Just follow what @JacobE said!

enumerated all ports , still nothing … i need a nudge bro help me

1 Like

If you fully enumerated all the ports you would have new things to look at.

You can look up Hacktricks for information on how to enumerate each port.

Hey, got read on System and Admin. Any hint to move forward?

Hi guys.

Anyone could give me nudge on getting foothold? I got the authenticated access on the web app and spotted a potential vulnerability but haven’t figured how to exploit it (Would like to make it execute arbitrary code, but didn’t succeed so far).