never mind, got it. Was looking for something a lot more complex
I've already seen this binary but no idea how to use it to gain access as root
Spent an embarrassing amount of time to get a foothold
Foothold: test every functionality of the app, there are not a lot of them
User: again, there are not many things you can do (albeit more than the first step), but it was easy to find just by googling around with what the app gives you
Lateral Movement: standard stuff, not much to say
Root: If you've been doing boxes for a little bit of time you probably came across a technique very similar to this one, hacktricks can help you if you know what you're looking for
That's what I have in mind, that once you register you could maybe get some sort of credentials or cookie that you could use for the foothold in the subdomain. This is my thought or initial plan at least, I could be wrong but that's what my senses are telling me to proceed with.
Hints on getting foothold?
use this to avoid getting a 503 when using gobuster: | grep -v 'Status: 503'
By doing this, you won't have any results.
You get a 503 because you send too many requests at one time
as said in previous posts
- foothold : try every possible form / user input and you should notice something. After exploiting this further, getting a revshell will be really easy.
- horizontal escalation : just explore the machine
- root : try to see what happens. As said before, there is a very known privesc that is similar to this one, hacking tricks will help you
Does someone know what the vulnerability in this machine is? I'm stuck.
Rooted, was a fun machine and root had me stuck for a bit. Everything has already been said here so I'm not going to leave any more hints. If you are stuck feel free to DM.
anyone have any additional tips for foothold? I'm confused about the usage of the tool.
Finally rooted. Was a lot new in the end.
Can confirm the hints given.
Foothold: Enumerate and try everything you find.
Lateral: Just look around.
Root: Understand what everything you find does.
Finally rooted.
Foothold: Guys, research is everything, look at every available functionality to get foothold.
Look at the obvious functionality on the admin panel to get the RS.
Lateral Movement: One of the easiest parts, gather local info and get access to another user.
PrivEsc: The easiest part of this machine, just look what your user can do with high privileges, and what access do you have on the fs.
Looking at foothold, I think I might have found something but not sure. Would appreciate a nudge from anybody.
Just started this box and while exploring the website and trying different injection payloads on user inputs, I found that the forgot email section gives a 500 server error whenever anything with a single quote is entered ('). Is this something I should further investigate or just keep moving on?
you should test everything then only move to next
Tip on foothold: don't be afraid of 500 errors
I'll leave this hint here for privesc, but I'm not sure if it's the correct way, if anyone knows if I did it wrongly, please DM me, I'm really interested in the correct way
Note1: actually, you don't need to gain root privileges, you just need to peek at privileged files by exploiting the tool you're allowed to run
Not really a hint, just a clarification about note1: you can gain root privileges using the same approach, just use the files in the root home.
Can anyone help me? After uploading the PHP shell and the redirection, I got "file not found".
Hello, I'm stuck at foothold. I found that the password reset may be vulnerable because of the 500 status, and it also returns a 302 if a certain condition matches, but I'm not able to proceed further. Any help will be great.