Official discussion thread for Usage. Please do not post any spoilers or big hints.
Anyone else dealing with a huge amount of 503 Service Temporarily Unavailable responses?
No it works for me
Hello ^^, i found something to loggin as an admin but i dont undersatnd what i can exploit with it, can someone give a tips or something pls ?
Yeah I get that a lot
How to get to xander user
1 Like
I believe it is due to either some bruteforce or dir fuzz. For me it works fine normally and as soon as a start dir fuzz it gives me 503.
Laravel is making ma life complicated lol 
any help…?
Is the sqlinjection a rabbit hole?
Any hint for root please?
1 Like
Recon. See what binary you can work with, and figure out what happens behind the scenes.
the stderror doesn’t presist on the terminal nor is it logged anywhere, any hints ?
juste rooted 
Very interesting VM
foothold: everything has already been said I think
laterale privesc: look what’s hidden
root privesc: keep doing what you’re doing, but in the right place
Yes, I noticed such errors when phasing, but if you use an old-school tool, then such errors do not appear. 
1 Like
im stuck on dash, any hints?
some foothold tips would be very appreciated. my hunch is cookie related between xss/ssrf. not sure where to dive
Hello,
I too found a subdomain with a login page but not sure as to how to proceed, it doesn’t appear to be sql injectable nor default creds work, if you can provide me with a hint it would be greatful
You are one step to far. This page will be important, but you have missed something beforehand.
1 Like
I must be thick. I can’t seem to exploit the subdomain found. Can’t override the file type and laravel + csrf doesn’t help with burpsuite repeater. If you have any hints, that’d be greatly appreciated to gain a foothold
The subdomain is not exploitable as far as im aware of.