Noter - HTB [Discussion]
(May 8, 2022, 11:14 AM)jon01 Wrote:
(May 8, 2022, 11:09 AM)iamnoone777 Wrote:
(May 8, 2022, 10:54 AM)Exited3n Wrote:
(May 8, 2022, 10:41 AM)iamnoone777 Wrote: Look for the backend techno and what kind of cookie its

After that enum user

Still blocked on the root


I hope it's not a rabbit hole :)


I have SSH as user, so I hope too that it's not a rabbit hole x) The first blood got the root before the user, so you make me afraid that the user is a rabbit hole


but how did u get the secret key?


Flask Unsign - https://github.com/Paradoxis/Flask-Unsign
Reply
Can't see the way to root... The box is flagged CVE, so I try all the red CVE flags from linpeas x)
Reply
(May 8, 2022, 11:24 AM)jon01 Wrote:
(May 8, 2022, 11:19 AM)Exited3n Wrote:
(May 8, 2022, 11:14 AM)jon01 Wrote:
(May 8, 2022, 11:09 AM)iamnoone777 Wrote:
(May 8, 2022, 10:54 AM)Exited3n Wrote: I hope it's not a rabbit hole :)


I have SSH as user, so I hope too that it's not a rabbit hole x) The first blood got the root before the user, so you make me afraid that the user is a rabbit hole


but how did u get the secret key?


Flask Unsign - https://github.com/Paradoxis/Flask-Unsign

how did u find out about the flask?

a
Reply
(May 8, 2022, 11:50 AM)jon01 Wrote:
(May 8, 2022, 11:26 AM)Exited3n Wrote:
(May 8, 2022, 11:24 AM)jon01 Wrote:
(May 8, 2022, 11:19 AM)Exited3n Wrote:
(May 8, 2022, 11:14 AM)jon01 Wrote: but how did u get the secret key?


Flask Unsign - https://github.com/Paradoxis/Flask-Unsign

how did u find out about the flask?

a


trying to forge the key is not working though, for user blue


flask-unsign --sign --cookie "{'logged_in': True, 'username': 'qwe'}" --secret 'secret123' --legacy


But I don't know the user
Reply
Where to inject xss payload? Username/password at register?
Reply
(May 8, 2022, 12:01 PM)jon01 Wrote:
(May 8, 2022, 11:53 AM)Exited3n Wrote:
(May 8, 2022, 11:50 AM)jon01 Wrote:
(May 8, 2022, 11:26 AM)Exited3n Wrote:
(May 8, 2022, 11:24 AM)jon01 Wrote: how did u find out about the flask?

a


trying to forge the key is not working though, for user blue


flask-unsign --sign --cookie "{'logged_in': True, 'username': 'qwe'}" --secret 'secret123' --legacy


But I don't know the user


blue is the username. If u play with the login, u will see that if the user is valid it will give invalid login, and if the username is invalid, it throws invalid creds


Thx, that works. How did u find out about 'blue'? Think I missed something
Reply
(May 8, 2022, 12:01 PM)jon01 Wrote:
(May 8, 2022, 11:53 AM)Exited3n Wrote:
(May 8, 2022, 11:50 AM)jon01 Wrote:
(May 8, 2022, 11:26 AM)Exited3n Wrote:
(May 8, 2022, 11:24 AM)jon01 Wrote: how did u find out about the flask?

a


trying to forge the key is not working though, for user blue


flask-unsign --sign --cookie "{'logged_in': True, 'username': 'qwe'}" --secret 'secret123' --legacy


But I don't know the user


blue is the username. If u play with the login, u will see that if the user is valid it will give invalid login, and if the username is invalid, it throws invalid creds


Thanks, that makes sense. So this way we can find out that "blue" is a valid username.

As someone else mentioned, with the help of https://github.com/Paradoxis/Flask-Unsign I created a valid session cookie for that user.

Now logged in as "blue", I can see two notes by blue. One note contains some FTP credentials.
Reply
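The login behaviour described in the post above (one error for an existing username, a different one for an unknown username) is what confirms which usernames exist. As an added example that is not part of the thread or the box's code, here is that leaky check beside a version that answers identically in both cases; the user store, function names and message strings are constructed for illustration.

```python
import hashlib
import hmac
import os

GENERIC_ERROR = "Invalid username or password"

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so stored values are not plain passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def _make_record(password: str):
    salt = os.urandom(16)
    return salt, _hash(password, salt)

# Constructed sample store (assumption, not data from the thread).
USERS = {"alice": _make_record("correct horse battery staple")}
# Dummy record: unknown usernames still cost one hash, so timing stays similar.
_DUMMY = _make_record(os.urandom(16).hex())

def login_leaky(username: str, password: str) -> str:
    """Distinct messages per failure reason: reveals whether the user exists."""
    if username not in USERS:
        return "Invalid credentials"
    salt, stored = USERS[username]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return "Invalid login"
    return "OK"

def login_uniform(username: str, password: str) -> str:
    """Same message and same work whether or not the username exists."""
    salt, stored = USERS.get(username, _DUMMY)
    matches = hmac.compare_digest(_hash(password, salt), stored)
    if matches and username in USERS:
        return "OK"
    return GENERIC_ERROR

if __name__ == "__main__":
    for name in ("alice", "nobody"):
        print(name, "| leaky:", login_leaky(name, "wrong"),
              "| uniform:", login_uniform(name, "wrong"))
```

The same uniformity has to hold for registration and password-reset responses, which can expose the same information.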
When I sign up for ssh with Blue, I'm kicked out right away

Am I doing something wrong?
Reply
(May 8, 2022, 12:26 PM)Truss46 Wrote: When I sign up for ssh with Blue, I'm kicked out right away

Am I doing something wrong?


Same for me. SSH gives me "This account is currently not available."

However, the FTP login works. There is one file named policy.pdf.

This line from the PDF might be useful: "Default user-password generated by the application is in the format of "username@site_name!" (This applies to all your applications)"

Do we have any other usernames?
Reply
(May 8, 2022, 12:29 PM)Exa Wrote:
(May 8, 2022, 12:26 PM)Truss46 Wrote: When I sign up for ssh with Blue, I'm kicked out right away

Am I doing something wrong?


Same for me. SSH gives me "This account is currently not available."

However, the FTP login works. There is one file named policy.pdf.


This line from the PDF might be useful: "Default user-password generated by the application is in the format of "username@site_name!" (This applies to all your applications)"

Do we have any other usernames?


ftp_admin
Reply

