IppSec's opening nmap statement before every box is comparable to Bruce Buffer's, "Let's get ready to rumble!!!!!!!!!!"
Excellent. Very cool box and writeup
It's a walkthrough, not a write-up 😊
Love you!
Great, thanks for sharing! The last part was pretty hard.
brutal
First Comment
OMG I didn't realize the first RE only matches the BEGINNING...
I spun up a BIND DNS server and served a TXT record with my payload after the include: because that's a wildcard match :D :D :D
Push!
Awesome box
Awesome box! How did you make a reverse proxy over SSH without reconnecting to SSH again?
He used the internet
Start ssh with "-o EnableEscapeCommandline=yes" (or put that in your ssh config file), then in the ssh session press ~C.
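As an added example (not from the video or from any of the commenters), this is what that looks like end to end. The host alias `target`, the address 10.0.0.1 and the user `lowpriv` are placeholders, not the box's real values. `EnableEscapeCommandline` was added in OpenSSH 9.2 and defaults to `no`, which is why `~C` silently does nothing in a default client:

```console
$ cat >> ~/.ssh/config <<'EOF'
Host target
    # placeholder address and username, not the real box
    HostName 10.0.0.1
    User lowpriv
    # required since OpenSSH 9.2, otherwise ~C is disabled
    EnableEscapeCommandline yes
EOF
$ ssh target
lowpriv@target:~$
~C
ssh> -R 8080:127.0.0.1:8080
Forwarding port.
ssh> -D 1080
Forwarding port.
ssh> -KR 8080
Canceled forwarding.
```

The `~` is only recognised as an escape character when it is the first thing typed on a line, so press Enter before `~C`. At the `ssh>` prompt the same `-L`, `-R` and `-D` syntax as the command line is accepted, `-KL`/`-KR`/`-KD` cancel a forward, and `-h` lists the available commands, all without dropping the existing session.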
What have you done with Firefox so that it opens a link in a new tab?
What is the name of that Visual Studio plugin you use to check for vulnerabilities? Could you please tell me?
snyk
do you solve the labs before recording or is it all live?
How did he know to do VHOST with gobuster near the beginning?
Always good to have some recon going in the background to see if there are other subdomains the server will route to. On this box, I found the vhost in the source before I remembered to launch my own recon.
Also, it's a good idea to rerun Nmap scripts after you add a discovered vhost to your hosts file so that Nmap can follow the redirect. I almost missed the ".git" directory on another box because, for some reason, my feroxbuster didn't find it, but rerunning Nmap with the vhosts added to /etc/hosts found the .git.
Only for me, Ipp? 🥺
Only for fans...
Hi there!
For me, bypassing the "Hacking Detected" in the LFI, I URL-encoded the ../ and it worked!
Then I had access to any file on the machine.
I tried similar URL encoding, but it got identified:
%2e%2e%2fetc%2e%2e%2fpasswd
@PrakashKumar-se1qku You need to put a "/" at the beginning, as that's the bypass in the source code.