[WurumDurum]

Someone on Download? Found something useful as a potential direction?

[photographer1]

i got an hint about prototype pollution. but i dont know much about it so still trying

[cutty]

You want to use this: https://github.com/DigitalInterruption/cookie-monster

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Spamming | Contact us via http://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion/contact if you feel this is incorrect.

[timizart]

Trying to enumerate the admin creds ..{id = 1, username= "admin"}.., inject it through the cookie and upload into his Panel

[DataNinja]

Some hints for root?

check the ssl certificates

[th3strik3r]

Some hints for root?

check the ssl certificates

Hey any nudge for the user flag?

[DataNinja]

Some hints for root?

check the ssl certificates

How, only editing the postgresql.conf file and pg_reload_conf(); ?

when you connect to the postgres server if you check the privileges you have the pg_write_server_files role and can copy files as postgres and for example you can copy the /bin/bash file and give it suid permissions and be able to access as postgres user
check this
https://book.hacktricks.xyz/network-serv...le-writing

[LoadError]

update on root from postgres?

[stealthfun]

You want to use this: https://github.com/DigitalInterruption/cookie-monster

hey man how did you manage to download cookie monster it is not being installed on my end

try using node v8.17, it runs fine with that

[4ip0k]

You want to use this: https://github.com/DigitalInterruption/cookie-monster

hey man how did you manage to download cookie monster it is not being installed on my end

open `/cookie-monster/bin/` and run in terminal ./cookie-monster.js