Sense

Can someone shoot me a PM please? I found a spot to upload … this the right path?

use wfuzz with a specific extension

@roguesecurity said:
Totally lost SENSE in this box. Did dirbuster but couldn’t find anything useful. Can anyone PM me the hint?

+1

If you don’t find it with dirbuster, then try another tool; dirbuster can be good and very bad.

Got user and root. Extremely sensible.

Let me see if I got it right: it will be a file on web server that discloses the login credentials?

@zelsonm1 said:
Let me see if I got it right: it will be a file on web server that discloses the login credentials?

It is rated as ‘easy’… it took me a week to figure it out.

More like took a week to hit the dirbuster wordlist lottery. I get enumeration is supposed to be the name of the game with these boxes, but you don’t need to make it obnoxious. Just choose common wordlist entries, the result is the same whether you bruteforce for an hour or a minute.

@Pratik said:
Got user and root. Extremely sensible.

I am inside the Panel, can you guide me on what to do further? I saw a place where I can upload files. I don’t know where these files are getting stored, so if I upload a shell I don’t know its path.

@D4n1aLLL try harder. Enumerate more, do some research and you will find the answer

So have the login credentials changed, since the default ones are not working?

@netarg said:
More like took a week to hit the dirbuster wordlist lottery. I get enumeration is supposed to be the name of the game with these boxes, but you don’t need to make it obnoxious. Just choose common wordlist entries, the result is the same whether you bruteforce for an hour or a minute.

Glad it’s not only me who has struggled with this. Taken longer to do enum on this host than any other. Totally agree with the point about the common word list values or a cell on website text.

@zelsonm1 said:
@D4n1aLLL try harder. Enumerate more, do some research and you will find the answer

Can you hint me something? 🙂

@D4n1aLLL said:

@zelsonm1 said:
@D4n1aLLL try harder. Enumerate more, do some research and you will find the answer

Can you hint me something? 🙂

Enumeration: what can be found on the Internet about this product version? What did a certain file say about its security issues?

The hint for the first step is around searching by extension? I do not find anything at all.

@Zaiuss said:
The hint for the first step is around searching by extension? I do not find anything at all.

Spoiler Removed

@zelsonm1 said:

@D4n1aLLL said:

@zelsonm1 said:
@D4n1aLLL try harder. Enumerate more, do some research and you will find the answer

Can you hint me something? 🙂

Spoiler Removed ?

Thank you almost there buSpoiler Removed

@D4n1aLLL said:

@zelsonm1 said:

@D4n1aLLL said:

@zelsonm1 said:
@D4n1aLLL try harder. Enumerate more, do some research and you will find the answer

Can you hint me something? 🙂

Enumeration: what can be found on the Internet about this product version? What did a certain file say about its security issues?

Thank you, almost there, but I still can’t get my command to get executed since / and other symbols are not allowed.

Same problem, Spoiler times, but not anymore, even when followed the same process in the example

@puerkito66 said:

@D4n1aLLL said:

@zelsonm1 said:

@D4n1aLLL said:

@zelsonm1 said:
@D4n1aLLL try harder. Enumerate more, do some research and you will find the answer

Can you hint me something? 🙂

Enumeration: what can be found on the Internet about this product version? What did a certain file say about its security issues?

Thank you, almost there, but I still can’t get my command to get executed since / and other symbols are not allowed.

Same problem, Spoiler, but not anymore, even when followed the same process in the example

Add me on slacks or DM me

Spoiler For me the problem is afterwards. No way to execute anything