PlayerTwo

@menessim said:

@vrls said:
2FA is pretty obscure now… I will assume that since there is no limit, it is possible to run a brute-force… although it has a time frame

Don’t bruteforce the 2FA.

If the 2FA mechanism is properly implemented it wouldn’t be possible, however, I’m getting a “constant” page on 2FA which made me believe the validity of tokens wasn’t properly configured.

EDIT: nvm I just reached /a**/***p right now, not sure if this is the correct approach tho

So with the missing parameter error, is there a smarter way to figure out the parameter other than brute force? I’ve made a wordlist of everything I can think of relating to t**p and fuzzed it with several parameters at the same time, but I haven’t got anything.

Edit: got it! Thanks for the help everyone.

@SniperXD said:

I got the p****/ge*******.p**** file, am I in the right direction? cuz the curl doesn’t work…

curl works but it is also possible to reach without curl.

I love the documentation man! It’s so plausible.

@vrls said:

@menessim said:

@vrls said:
2FA is pretty obscure now… I will assume that since there is no limit, it is possible to run a brute-force… although it has a time frame

Don’t bruteforce the 2FA.

If the 2FA mechanism is properly implemented it wouldn’t be possible, however, I’m getting a “constant” page on 2FA which made me believe the validity of tokens wasn’t properly configured.

EDIT: nvm I just reached /a**/***p right now, not sure if this is the correct approach tho

reached the same location too, but stuck with getting ‘invalid action’ or server errors… is this a rabbit hole?

EDIT: 'doh! finding the missing param was so obvious that I ignored trying it early on. Goes to show that you should enumerate all possibilities and not assume anything (;

@limbernie said:
I love the documentation man! It’s so plausible.

I hate documentation though :stuck_out_tongue:

@hackerB31 said:

@vrls said:

@menessim said:

@vrls said:
2FA is pretty obscure now… I will assume that since there is no limit, it is possible to run a brute-force… although it has a time frame

Don’t bruteforce the 2FA.

If the 2FA mechanism is properly implemented it wouldn’t be possible, however, I’m getting a “constant” page on 2FA which made me believe the validity of tokens wasn’t properly configured.

EDIT: nvm I just reached /a**/***p right now, not sure if this is the correct approach tho

reached the same location too, but stuck with getting ‘invalid action’ or server errors… is this a rabbit hole?

EDIT: 'doh! finding the missing param was so obvious that I ignored trying it early on. Goes to show that you should enumerate all possibilities and not assume anything (;

Yup! Helps to ask it for what you need.

got user!
don’t bruteforce t*** a** params, but ask for what you need.

thanks for the nudge @dontknow

Seriously, what am I missing for initial. I have stepped away to regroup and read more. Not giving up, but I am obviously missing or overthinking something. Can someone point me to something. Thank you.

This root looks really Insane…

Got user. Gonna have to pass on root now as it looks to be above my pay-grade. Find me on Discord for help :slight_smile:

How to start pwning root binary? Usually I find bof, but for this bin I did not find anything like that. I am trying to find any leak or place where I can write input, but I just don’t see any weak spot.
Can someone send article explaining how to find weak spot in this bin? I don’t know what to google.

@dontknow said:

How to start pwning root binary? Usually I find bof, but for this bin I did not find anything like that. I am trying to find any leak or place where I can write input, but I just don’t see any weak spot.
Can someone send article explaining how to find weak spot in this bin? I don’t know what to google.

I’m stuck on the binary as well, can’t get pwndbg to show me the thing I want to exploit. If somebody reads this and knows about gdb/pwndbg/pwntools please DM me…

So, think I’m on the right track with the service. Making a request, but now getting Call to undefined function? I’m literally following the example in the documentation? So what am I doing wrong if we don’t need more than that?

EDIT: Figured it out, was not sending the right variable, but again… I was following the Documentation example to the letter… so little puzzled by this one

@virtualgoth said:

So, think I’m on the right track with the service. Making a request, but now getting Call to undefined function? I’m literally following the example in the documentation? So what am I doing wrong if we don’t need more than that?

EDIT: Figured it out, was not sending the right variable, but again… I was following the Documentation example to the letter… so little puzzled by this one

I was with you on that one, they referred to the element inside the definition in the example.

got user, did not find any binary

@hackerB31 said:

@vrls said:

@menessim said:

@vrls said:
2FA is pretty obscure now… I will assume that since there is no limit, it is possible to run a brute-force… although it has a time frame

Don’t bruteforce the 2FA.

If the 2FA mechanism is properly implemented it wouldn’t be possible, however, I’m getting a “constant” page on 2FA which made me believe the validity of tokens wasn’t properly configured.

EDIT: nvm I just reached /a**/***p right now, not sure if this is the correct approach tho

reached the same location too, but stuck with getting ‘invalid action’ or server errors… is this a rabbit hole?

EDIT: 'doh! finding the missing param was so obvious that I ignored trying it early on. Goes to show that you should enumerate all possibilities and not assume anything (;

So you need an “action” and some parameters? I really don’t understand how to validate the format of the request is correct. Seems I can supply any value for action. What’s the best way to approach this, other than being psychic?

@virtualgoth said:

@hackerB31 said:

@vrls said:

@menessim said:

@vrls said:
2FA is pretty obscure now… I will assume that since there is no limit, it is possible to run a brute-force… although it has a time frame

Don’t bruteforce the 2FA.

If the 2FA mechanism is properly implemented it wouldn’t be possible, however, I’m getting a “constant” page on 2FA which made me believe the validity of tokens wasn’t properly configured.

EDIT: nvm I just reached /a**/***p right now, not sure if this is the correct approach tho

reached the same location too, but stuck with getting ‘invalid action’ or server errors… is this a rabbit hole?

EDIT: 'doh! finding the missing param was so obvious that I ignored trying it early on. Goes to show that you should enumerate all possibilities and not assume anything (;

So you need an “action” and some parameters? I really don’t understand how to validate the format of the request is correct. Seems I can supply any value for action. What’s the best way to approach this, other than being psychic?

SAME ISSUE HERE. I fuzzed like 8K of words, plus all the ones like backup, SMS, OTP, TOTP, blah blah blah. I know I will feel stupid once I get past it, but I have searched on actions for TOTP to no avail.

I get error:
double free or corruption (!prev)

Program received signal SIGABRT, Aborted.

maybe way to root?