Official Trick Discussion

I found the ma****ing sub-domain, what should I do next? It seems nothing interesting :frowning:


There definitely is something interesting there. Keep looking at the domain and check common vulnerabilities.

Did somebody change the password? I found the login creds 2 days ago; now they don't work anymore.

It has an interesting parameter.

Path Traversal is your friend

Any hints for tooling to find the subdomain(s)? I have tried fuzzing with wfuzz, sublist3r, theharvester, dig, amass, metasploit, nmap, dnscan, dnsenum, all of them to no avail. Please do let me know!

You need to find a subdomain that isn’t on your wordlist, but can still be bruteforced. Look at what the other subdomain looks like and predict what another one might look like. Then bruteforce when you have an idea.

Enumerate the DNS

Thanks for the replies. I am still stumped and have tried everything I know and Google how to do; I am more than over it at this point. Anyone willing to DM me a more substantial hint?

DM me if you want

Is fa**2b** the right way for root? Conf files are overwritten so fast I'm not able to keep up with executing my code.

Thank you guys for your help, I got the user. I was so stupid that I didn't realize that the filter could be easily bypassed.

Go faster :slight_smile:

Tried; moving the conf file works, but I'm not able to trigger the ban?
EDIT: Got it, was just not able to get a rev shell.

Is someone available to help me? I got to the admin page, thanks to all the hints here. I've tried DNS enum but I keep getting errors and don't know what to do! Please DM me.

If anybody could help me with the list of things that I would need to generate to find stuff, drop me a DM please; I don't want to give any clues.

Hi,
could you help me please?
I enumerated the ports.
How did you get the admin panel?

Hi, I am stuck on DNS 53 and SMTP.
I searched for BIND Debian exploits
but didn't find anything useful.

I'm stuck in the admin panel.

Send me DM.