It has been suggested to use Wfuz but when I use it I only receive two of the domains I’m missing the third for some reason.
Rooted ! This is a medium foothold, with an easy privesc ! For anyone lost ! or in need of a hint hit me wih a DM ! 
I was stuck on subdomain for 3/4 days until someone told me where to fuzz, if not for that I would still be stuck 
can You nudge me how You got that ??
Hi tec, Could you give me a hint on how to get to the local configuration file? Thanks
a common vuln can access local files (not L**).
use it to read default website configuration.(search the server provider online if not familiar)
@tec I’m interested in learning about this if you’re willing to share via PM. Already got user / root on the box.
Is it normal that the machine timeout like every 1-2 mins or its my connection?
I got to the user flag but till now i dont have command access, i am looking into SMTP and LFI, am i in the right direction?
check for basic privesc enum !
1 Like
i really thought about everything except the obvious 
Thanks!
1 Like
Please any hint on how to get r***** shell on the box
I tried uploading the payload in a file, it’s stored in the t** directory. But I can’t seem to access it with the l** on pr****-ma****ing subdomain
no need for r***** shell. think easy.
this is enough.
2 Likes
Can I dm you
Can people stop deleting the conf files?
it’s the automatic task on the machine running every 3 minutes, reset the directory for other users to solve.
Does anyone have a personal write-up document that they can share privately?
I enumerated the port where i can get the domains i got an interesting one that led me to an admin page and then i used an automated tool to get username and password through famous injection method but now im stuck dont know what to do next
can i get a nudge please thanks
It’s a rabbit hole. Try to find any subdomains
i only found three
do you mean there another subdomain to p********-p*****.**.
or is it higher subdomain