Official Usage Discussion

Official discussion thread for Usage. Please do not post any spoilers or big hints.

Anyone else dealing with a huge amount of 503 Service Temporarily Unavailable responses?

No it works for me

Hello ^^, I found something to log in as an admin but I don't understand what I can exploit with it. Can someone give a tip or something pls?

Yeah I get that a lot

How to get to xander user

I believe it is due to either some bruteforce or dir fuzz. For me it works fine normally and as soon as I start dir fuzz it gives me 503.

Laravel is making my life complicated lol :grin: any help…?

Is the SQL injection a rabbit hole?

Any hint for root please?

Recon. See what binary you can work with, and figure out what happens behind the scenes.

The stderror doesn’t persist on the terminal nor is it logged anywhere, any hints?

Just rooted :slight_smile: Very interesting VM
foothold: everything has already been said I think
lateral privesc: look what’s hidden
root privesc: keep doing what you’re doing, but in the right place

Yes, I noticed such errors when phasing, but if you use an old-school tool, then such errors do not appear. :wink:

I'm stuck on dash, any hints?

Some foothold tips would be very appreciated. My hunch is cookie related between xss/ssrf. Not sure where to dive


I too found a subdomain with a login page but not sure as to how to proceed, it doesn’t appear to be SQL injectable nor do default creds work. If you can provide me with a hint I would be grateful

You are one step too far. This page will be important, but you have missed something beforehand.

I must be thick. I can’t seem to exploit the subdomain found. Can’t override the file type and Laravel + CSRF doesn’t help with Burp Suite repeater. If you have any hints, that’d be greatly appreciated to gain a foothold

The subdomain is not exploitable as far as I'm aware.