Can anybody drop a hint on root? Tried using p**y but can’t seem to find anything interesting.
i think we have to use clel and py and li**h these three are the only which can help us to get root i was told by a guy who already got the root flag but he is offline now
I struggled for hours due to the lack of consistency in the cred exploit, even after tweaking the code to deal with faulty connections.
My advice: even if you are missing a couple of bytes of the end of a hash go and rock the part you are sure of by partial comparisson. The solution space is not big enough to bring false possitives
Hint for exploit: make sure to edit the script, especially if you’re on free. Make things less impatient to give you more accurate results, and make sure you’re pointing it at the right location.
my hint for root: It might be easier to find the priv esc vector on free server than in VIP.
at least i missed it for a long time focusing on the wrong thing (as quite a few seem to be doing, instead i am missing something obvious)
If anyone with root that understands the exploit mechanism can PM me, I’d be grateful. I think I understand the method, but I’m just not doing something right. Don’t want the solution, just to discuss my approach with someone.
I finally got root. Realized that I was overthinking things. The hint about what tool to use in this thread is helpful, but definitely consider all the output from that. I got down a rabbit hole for a while and when I took a step back I realized that the solution was a lot easier than the other things I was trying.
If anyone with root that understands the exploit mechanism can PM me, I’d be grateful. I think I understand the method, but I’m just not doing something right. Don’t want the solution, just to discuss my approach with someone.
Hello, I’ve been stuck with the w****** page for so long, checked if there is lfi in p***. found what’s running without wappalyzer, the probleme is I do not know the version, so I do not know what exploit to use. any hint will be appreciated as I am sure I am in the right path.
Edit: found the exploit and did the rest, gonna look for the user flag now.
thanks for the hint deviate, sm0n6
My hint would be it’s a fresh new box. peoplz hinted the exploit on how it’s user friendly… for the cracking you’ll be able to do it if you got the creds at the first place (did you even read the exploit …)
Hello, I’ve been stuck with the w****** page for so long, checked if there is lfi in p***. found what’s running without wappalyzer, the probleme is I do not know the version, so I do not know what exploit to use. any hint will be appreciated as I am sure I am in the right path.
If you found it without wappalyzer then maybe if look closer you can rule out certain CVEs