Vulnerability in pre…-m……, try to find vuln there.
thanks a lot
I’ve found the 3rd subdomain, and I see where to input the vuln. . . however I cant get it to work. . . anyone able to give me a nudge?
This webpage has everything you need.
Thanks. I’ve tried everything on that page and I only ever get a blank page in return.
Not sure what I’m doing worng
Finally rooted!
DM me for some hints. And what you tried on that box.
1 Like
Try …/./ for bypass WAF
Don’t use the web browser, try the same in another tool. Hope that helps 
so where did you FUZZ? im stuck to.
I have the domain trick.htb, but I don’t know how to list subdomains, or what list of words to use
mhh I have access to the portal via s*****, but stuck now. p** filter work on some of the content. There’s a file include in the source, d*_*******.**p I’d like to LFI but not sure this is the way…
Rooted. . . thanks @BrainSick for the little nudges!
Spoil More
I’m identified the L** on p******-mar****** as my attack surface but I’m stuck, people keep saying to bypass WAF but I dont even see it kicking in anywhere. Can someone msg me? This is my first real machine on htb
I identified the service and I changed the related file, however I cannot trigger it because I don’t have permission to restart the service. I already got the user. Am I on the right path or should I approach the problem in different ways?
Look closer… you’re on the right path
Think about WHEN your file is triggered by service.
In MP
thank you.
Currently working on getting root. I have discovered the service that I have elevated permissions for, and I’ve found a certain related directory I have write permissions to.
However I’m struggling to get the syntax right, or perhaps I’m doing the wrong thing. Should I be attempting to overwrite something existing (by being fast enough when things are recycled) or creating my own?
EDIT: Nevermind, figured out how to write the file I needed, now to figure out how to trigger a ban…
EDIT2: Got it. If anyone gets stuck feel free to DM me for nudges.
1 Like