does anyone have resources on pentesting 8*** because i wanna learn more about this ?
Thanks in advance
Found a binary, looks interesting. Wonder how it’s meant to be run.
Found 8***, tried different injections on the forms, tried running a dict against the tp stuff (POST and GET, no joy on either). Played around with the sessid stuff, but that didn't go anywhere. S**-S****S throwing a 403 looks interesting, but I'm not sure how to get into it. Hunted through all the source of both sites and didn't find anything juicy. I feel like I'm missing some really simple stuff.
Anyone have any pointers or ideas? I'm not thinking outside the tesseract I guess
@emmycat said:
Anyone have any pointers or ideas? I'm not thinking outside the tesseract I guess
Did you look at a raw response from 8****?
Edit: There is a distinct and unique keyword in that response that would be a useful Google keyword
@f00l8r1t3 said:
@emmycat said:
Anyone have any pointers or ideas? I'm not thinking outside the tesseract I guess
Did you look at a raw response from 8****?
I'm in the same shoes, maybe I'm querying the 8*** wrong, but it is just an error that there is no path existing at the root. Must be missing something obvious, but all the enumeration steps I usually do don't come back with anything.
Same spot. Nothing in the raw response stands out... maybe I am missing something or lacking a specific technique... but a nudge in the thread or a PM would be nice.
I put that raw into Google and it only came up with one page... am I in the right place or just noobing my way through this?
Rooted using an unintended method. I'll go back and do it legit in a couple of days, but until then here are my hints for the foothold:
Find all running services, then read the docs
You might have found an interesting dir, try and find a file inside of it.
Once you have access, the first thing you get may not be right. Try a few times and you’ll spot a pattern.
To bypass the protections, go back to something that should have come up in enumeration. A bit of guessing will get you what you need.
Experiment and extract. You may find certain things which overcomplicate it, but it’s simpler than it looks (not much though).
@clubby789 said:
Rooted using an unintended method. I'll go back and do it legit in a couple of days, but until then here are my hints for the foothold:
Find all running services, then read the docs
You might have found an interesting dir, try and find a file inside of it.
Once you have access, the first thing you get may not be right. Try a few times and you’ll spot a pattern.
To bypass the protections, go back to something that should have come up in enumeration. A bit of guessing will get you what you need.
Experiment and extract. You may find certain things which overcomplicate it, but it’s simpler than it looks (not much though).
This makes tons of sense. Now I just need to find the right things. Thanks man, you're a rockstar of nudges.
Stuck at 2FA
@f00l8r1t3 said:
I’m not down with OTP.
Yeah, you know me!
ok
How to run Pr*****.*** file? Some hints please, thank you!
Try taking a ‘walk’ over the file and seeing what you can find
@manfromkz said:
How to run Pr*****.*** file? Some hints please, thank you!
I've now got user (properly!) so here are my hints.
- Watch running processes as usual
- Spot something interesting
- Use a script to tune in
Hmmm, I've read through all of the t***p documentation to no avail. Wondering if there is maybe some hint I am missing as to what the "location" of a good enumeration point would be. Would it be helpful to go back and look at the original Player box?
Yeah, I’m with you @AcroTiger. The t**** docs gave me nothing to go off of. I understand exactly what everyone is referring to, and I understand how I am intended to communicate with it, but without a valid endpoint, how am I ever supposed to know where to start?
I’ve tried fuzzing for valid endpoints as well by response codes, and that was filtered and therefore useless.
Could use a nudge; been stuck at t**** since release.
Edit: I was fuzzing improperly. Check not only your wordlists, but your parameters. I was negligent where I shouldn't have been. I didn't need to filter response codes to get what I was looking for (if this is considered a spoiler, feel free to report).
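The point @farbs makes above (filtering on response codes hid the hit) is worth seeing in code. This is an added example, not anything from the thread or the box: it stands up a constructed local target that answers 200 with a "bad_route" body for every unknown path, the same symptom @AcroTiger reports below, and runs the same wordlist through two classifiers. The route names, wordlist and prefix parameter are hypothetical; only the "bad_route" string is taken from the thread.

```python
import hashlib
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.request import Request, urlopen

# Constructed stand-in target (hypothetical, not the machine in the thread).
# Every unknown path returns 200 with the body "bad_route", so a status-code
# filter sees nothing; only the routes below produce a different body.
KNOWN_ROUTES = {
    "/api/status": b'{"ok":true}',
    "/api/upload": b'{"error":"method not allowed"}',
}


class CatchAllHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        body = KNOWN_ROUTES.get(self.path.split("?")[0], b"bad_route")
        self.send_response(200)          # same status for hit and miss
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):        # keep the demo output quiet
        pass


def start_server():
    """Bind the constructed target on a free loopback port and return (server, base_url)."""
    srv = HTTPServer(("127.0.0.1", 0), CatchAllHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"


def fetch(url):
    """Return (status, body) and treat 4xx/5xx as data rather than exceptions."""
    try:
        with urlopen(Request(url), timeout=5) as r:
            return r.status, r.read()
    except HTTPError as e:
        return e.code, e.read()


def fuzz(base, words, prefix="/api/"):
    """Fuzz base+prefix+word two ways and return (hits_by_status, hits_by_body).

    The prefix is the 'parameter' to get right: fuzzing / instead of /api/
    never reaches the routes at all. The baseline request establishes what a
    miss looks like so that hits are anything that differs from it.
    """
    base_status, base_body = fetch(base + prefix + "zz-baseline-zz")
    base_hash = hashlib.sha256(base_body).hexdigest()
    by_status, by_body = [], []
    for w in words:
        path = prefix + w
        status, body = fetch(base + path)
        if status != base_status:                       # what a code filter sees
            by_status.append(path)
        if hashlib.sha256(body).hexdigest() != base_hash:  # what a body filter sees
            by_body.append(path)
    return by_status, by_body


WORDLIST = ["admin", "status", "login", "upload", "users"]  # constructed

if __name__ == "__main__":
    srv, base = start_server()
    by_status, by_body = fuzz(base, WORDLIST)
    print("filtering by status code found:", by_status)
    print("filtering by response body found:", by_body)
    srv.shutdown()
```

Against this target the status-code classifier returns an empty list while the body classifier returns both real routes; swapping the prefix for "/" makes both lists empty, which is the wordlist-versus-parameter mistake the post describes. With ffuf or wfuzz the equivalent is filtering on size or a regex against the miss body instead of on status.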
@farbs Exactly. I tried using cewl to generate a wordlist and try to find valid endpoints that way, but always receive the same "bad_route" response... Anyways, good to see an "Omniscient" stuck at the same point I am.
@AcroTiger, @farbs, I thought I was going mad and had missed something really obvious, so I'm pleased I'm not losing my mind and others are finding this difficult as well. Didn't see anything in the material for t***p.
@phycomp said:
@AcroTiger, @farbs, I thought I was going mad and had missed something really obvious, so I'm pleased I'm not losing my mind and others are finding this difficult as well. Didn't see anything in the material for t***p.
In the docs of this app you can find the file type that determines how the application works (if you are struggling to understand what this file is, look at the examples in the git repo), and the structure of client requests.
The docs tell how the app works, no more. But nothing else is needed from them.
Guys, there is one endpoint and it's in the definition of the service. LOOK CAREFULLY and see the examples in the docs. Think.