Possibly Related Threads…

rootme1122 · Aug 17, 2024, 10:35 PM

(Aug 17, 2024, 10:28 PM)Anaunimans Wrote: we have lfi try get Data.db

or may be this dbstorage.js

osamy7593 · Aug 17, 2024, 10:37 PM

(Aug 17, 2024, 10:28 PM)Anaunimans Wrote: we have lfi try get Data.db

how u got it ?...

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed

rootme1122 · Aug 17, 2024, 10:38 PM

(Aug 17, 2024, 10:37 PM)osamy7593 Wrote:
(Aug 17, 2024, 10:28 PM)Anaunimans Wrote: we have lfi try get Data.db

how u got it ?...

/_framework/InternaLantern.dll

carbonzillioxide · Aug 17, 2024, 10:42 PM

Identified a path

/home/tomas/LanternAdmin/bin/Debug/net6.0/LanternAdmin.dll

from an error message.
I tried to download it through the aforementioned path traversal or loading that module via the admin panel, but neither worked for me

letsnotencrypt · Aug 17, 2024, 10:46 PM

(Aug 17, 2024, 10:38 PM)rootme1122 Wrote:
(Aug 17, 2024, 10:37 PM)osamy7593 Wrote:
(Aug 17, 2024, 10:28 PM)Anaunimans Wrote: we have lfi try get Data.db

how u got it ?...

/_framework/InternaLantern.dll

Is it in dll ?

jsvensson · (This post was last modified: Aug 17, 2024, 10:50 PM by jsvensson.)

i'm trying to read FileUpload.dll - maybe there is a way to upload file not to static/images

(Aug 17, 2024, 10:42 PM)carbonzillioxide Wrote: Identified a path
/home/tomas/LanternAdmin/bin/Debug/net6.0/LanternAdmin.dll
from an error message.
I tried to download it through the aforementioned path traversal or loading that module via the admin panel, but neither worked for me

from path traversal it can't be done because www-data doesn't have rights to /home/tomas

drunkp · Aug 17, 2024, 11:01 PM

(Aug 17, 2024, 10:48 PM)jsvensson Wrote: i'm trying to read FileUpload.dll - maybe there is a way to upload file not to static/images

(Aug 17, 2024, 10:42 PM)carbonzillioxide Wrote: Identified a path
/home/tomas/LanternAdmin/bin/Debug/net6.0/LanternAdmin.dll
from an error message.
I tried to download it through the aforementioned path traversal or loading that module via the admin panel, but neither worked for me

from path traversal it can't be done because www-data doesn't have rights to /home/tomas

Datadb is probably with the binary. But then, that server is run by tomas, so www-data shouldnt have access to data.db either way.

nomx1337 · Aug 17, 2024, 11:04 PM

use path traversal for shell..

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

osamy7593 · Aug 17, 2024, 11:05 PM

(Aug 17, 2024, 11:04 PM)nomx1337 Wrote: use path traversal for shell..

How u gained the shell?

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed

Anaunimans · Aug 17, 2024, 11:05 PM

can we have sqli so then we can run shell command using sqlite's .shell utility

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	[FREE] HackTheBox All Cheatsheets	Tamarisk	15	827	3 hours ago Last Post: 0x5k1z0
	CPTS-FLAG	darkcat	14	5,733	4 hours ago Last Post: Sukon
	[FREE] CPTS 12 FLAGS	pulsebreaker	78	2,615	4 hours ago Last Post: hitlerssecretsidechick
	[MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot	htb-bot	91	8,295	4 hours ago Last Post: hitlerssecretsidechick
	[FREE] 300+ Writeups PDF HackTheBox/HTB premium retired	Tamarisk	381	94,565	7 hours ago Last Post: xixi75