Hi stuck for hours could someone help me with initial foothold
test reset-password functionality
not able to execute script after email validation bypass
I found reset password functionality is not validating the correct registered IDs too and gives 500 internal error. From above discussion it seems I'm on right path. Any hints to proceed ?
What kind of web vulnerability can be particularly interesting with 500 error? Find the answer on this one and you will know what to do next
Working on foothold. Found the admin password. Any hints on getting user access through the admin dashboard?
same!!
I just figured it out and got user.txt. DM me and I can pass along the CVE I found along with the POC
Learned a few lessons from this machine.
Been stuck for a solid 4 hours. Went down a SQLi rabbit hole. Thought I had a full DB dump and was quite disappointed. I'd really appreciate any tips or pointers
Been trying to figure this out and haven't had any luck. Any more tips?
could use a hint for root. Stuck!!
Something with the databases.
I've tried sqlmap, but it tells me the email parameter is not injectable…
Currently have same issue. If you figure out a fix lmk!
You need to tweak some settings once you make a few observations. 500, 302+200. You should notice that 302+200 has 3 outcomes one of which is irrelevant. The other 2 are key. I don't want to spoil it for others but here's a couple hints.
--string "We have e-mailed" --suffix="-- #" --technique=B
Still need to adjust the request and force sqlmap to use it. And this is only part 1 of several steps to get a foothold.
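The hints above describe three observable outcomes of the reset form (a 500, or a 302 followed by a 200 whose flash message either contains "We have e-mailed" or does not), which is the boolean signal that sqlmap's --technique=B with --string relies on. As an added illustration that is not part of this thread or the box's own code, the script below builds a tiny stand-in reset handler two ways: once with the email concatenated into the query (the defect class being hinted at) and once with a bound parameter, then classifies responses the way a boolean-blind detector would. The users table, the flash message wording, the use of SQLite in place of the real database and the probe strings are all constructed for the example; the `-- #` suffix behaves the same here because `-- ` opens a line comment in both SQLite and MySQL.

```python
import sqlite3

# Flash messages a reset page might show after the POST -> 302 -> 200 round trip.
# Constructed for this example; the thread only quotes the "We have e-mailed" fragment.
MSG_SENT = "We have e-mailed your password reset link!"
MSG_NOT_FOUND = "We can't find a user with that e-mail address."


def make_db():
    """Constructed in-memory stand-in for the application's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE)")
    conn.executemany(
        "INSERT INTO users (email) VALUES (?)",
        [("alice@example.com",), ("bob@example.com",)],
    )
    return conn


def reset_vulnerable(conn, email):
    """Lookup built by string formatting: the defect class the hints point at.

    Returns (http_status, flash_message). A syntax error in the built query
    surfaces as a 500; otherwise the app redirects (302) and the follow-up 200
    carries one of two messages, which is the true/false oracle for blind SQLi.
    """
    sql = f"SELECT id FROM users WHERE email = '{email}'"
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error:
        return 500, "Internal Server Error"
    return 302, (MSG_SENT if row else MSG_NOT_FOUND)


def reset_hardened(conn, email):
    """Same lookup with a bound parameter: the input is data, never SQL."""
    row = conn.execute("SELECT id FROM users WHERE email = ?", (email,)).fetchone()
    return 302, (MSG_SENT if row else MSG_NOT_FOUND)


def classify(response, true_string=MSG_SENT):
    """Bucket a response as a boolean-blind detector would: 'error' for the 500,
    otherwise 'true'/'false' depending on whether the marker string is present."""
    status, body = response
    if status == 500:
        return "error"
    return "true" if true_string in body else "false"


def compare(email):
    """Run one input through both handlers; return (vulnerable, hardened) buckets."""
    conn = make_db()
    return classify(reset_vulnerable(conn, email)), classify(reset_hardened(conn, email))


if __name__ == "__main__":
    # Constructed probes: a registered address, an unknown one, a broken quote,
    # and two boolean conditions closed off with the hinted "-- #" suffix.
    for probe in (
        "alice@example.com",
        "nobody@example.com",
        "nobody@example.com'",
        "nobody@example.com' OR 1=1-- #",
        "alice@example.com' AND 1=2-- #",
    ):
        vuln, hard = compare(probe)
        print(f"{probe!r:40} vulnerable={vuln:5} hardened={hard}")
```

Running it shows why the 500 is the tell: only the string-built handler ever produces an error or lets a condition flip the message, while the parameterized handler treats every probe as an unknown address and gives a single, condition-independent answer.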
The nginx service for usage.htb is rate limited to 30r/s. I noticed that I needed to slow down some tools to just 2-3 threads to keep a load balance with other pen testers.
Rooted.
My advice for those having trouble going from user.txt to root.txt is to go for the lowest hanging fruits first. From there, the PrivEsc opportunities open up.
If you are still stuck feel free to shoot me PM.