Writeup

Starting the discussion thread

writeup

not just name, it’s real writeup :slight_smile:

only 1 root own and 25 users, wow

edit: 1 root and 44 owns…

I feel like I’m staring right at the vuln and am just overthinking things. Is the p*ge= the right path forward?

@Glasgow said:

I feel like I’m staring right at the vuln and am just overthinking things. Is the p*ge= the right path forward?

there may be something there, but I got user another way.

I haven’t found there to be any vulnerable lfi, but I could be missing something.

I’d probably be more helpful, but apparently I’m spamming. :stuck_out_tongue:

You have posted 2 times within 30 seconds. A spam block is now in effect on your account. You must wait at least 60 seconds before attempting to post again.

Hey guys, as only port 80 is there to enumerate I can’t dir bruteforce. Am I even in the right direction? Please PM me if I’m

@PwrZer0 said:

Hey guys, as only port 80 is there to enumerate I can’t dir bruteforce. Am I even in the right direction? Please PM me if I’m

try burpsuite

my dirb keeps stopping, and I can’t seem to enumerate with gobuster, or dirbuster
anyone else having this issue?

@0xAMS said:

my dirb keeps stopping, and I can’t seem to enumerate with gobuster, or dirbuster
anyone else having this issue?

Take a look at the message in the page… You’ll get a hint about what’s happening.

can’t figure out if the part with creds is of any relevance! :disappointed:

I’ve been trying to check everything that’s visible, I found pg=. Am I on the right path?

@NeoBox said:

I’ve been trying to check everything that’s visible, I found pg=. Am I on the right path?

Maybe read the other posts? :stuck_out_tongue:

@hxmo said:

@PwrZer0 said:

Hey guys, as only port 80 is there to enumerate I can’t dir bruteforce. Am I even in the right direction? Please PM me if I’m

try burpsuite

I tried but I couldn’t reach anything useful up till now. If someone could spot a light for me please PM!

Hint for user:
Don’t use dirbuster, gobuster, etc. There is no need to brute force directories. Look at a popular file you might find on a web server that is commonly misconfigured by admins thinking it actually makes it more secure. This will give you a start to where you need to be. If you don’t have this plugin, I recommend installing a Firefox plugin called wappalyzer, it’s a neat tool. Just enumerate. This should be more than enough to help you find what you need to use to get access. Next step, Queen - We Will Rock You (Official Video) - YouTube.

@PwrZer0 said:

@hxmo said:

@PwrZer0 said:

Hey guys, as only port 80 is there to enumerate I can’t dir bruteforce. Am I even in the right direction? Please PM me if I’m

try burpsuite

I tried but I couldn’t reach anything useful up till now. If someone could spot a light for me please PM!

spider the target

The exploit used in this machine is seriously one of the most user-friendly I have ever used. Funny to use, it is like it came out of a movie!

wappalyzer*