- magento is vulnerable to 37977.py
adjust exploit settings so target url contains index.php/
- user.txt is at /home/h***s/user.txt
- get app/etc/local.xml...
- no need to wfuzz or dirbust anything.
- sftp access is chrooted, while httpd’s is not. both services are able to create and follow symlinks.
craft from hackthebox.eu is an easy machine with couple of interesting technologies implemented. needs a little bit RTFM’ing for rooting. Enjoy 🙂...Read More
after getting root i finally can take off my clown suit and post some tips and hints for hackthebox flujab box.
this post is about help vm from hackthebox.eu.
- wfuzz’ing helps 🙂 with help. it will reveal a piece of vulnerable support software there...
some tips and hints for hackthebox’s friendzone machine. walkthrough-style.
- doing a standard nmap scan, you can see a coupl...
Typhoon from vulnhub (https://www.vulnhub.com/entry/typhoon-102,267/) is extremely vulnerable VM...Read More
Some tips and hints for Curling VM https://www.hackthebox.eu/home/machines/profile/160
Quite easy and interesting machine...Read More