Possibly Related Threads…

rootme1122 · Aug 17, 2024, 10:35 PM

(Aug 17, 2024, 10:28 PM)Anaunimans Wrote: we have lfi try get Data.db

or may be this dbstorage.js

osamy7593 · Aug 17, 2024, 10:37 PM

(Aug 17, 2024, 10:28 PM)Anaunimans Wrote: we have lfi try get Data.db

how u got it ?...

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed

rootme1122 · Aug 17, 2024, 10:38 PM

(Aug 17, 2024, 10:37 PM)osamy7593 Wrote:
(Aug 17, 2024, 10:28 PM)Anaunimans Wrote: we have lfi try get Data.db

how u got it ?...

/_framework/InternaLantern.dll

carbonzillioxide · Aug 17, 2024, 10:42 PM

Identified a path

/home/tomas/LanternAdmin/bin/Debug/net6.0/LanternAdmin.dll

from an error message.
I tried to download it through the aforementioned path traversal or loading that module via the admin panel, but neither worked for me

letsnotencrypt · Aug 17, 2024, 10:46 PM

(Aug 17, 2024, 10:38 PM)rootme1122 Wrote:
(Aug 17, 2024, 10:37 PM)osamy7593 Wrote:
(Aug 17, 2024, 10:28 PM)Anaunimans Wrote: we have lfi try get Data.db

how u got it ?...

/_framework/InternaLantern.dll

Is it in dll ?

jsvensson · (This post was last modified: Aug 17, 2024, 10:50 PM by jsvensson.)

i'm trying to read FileUpload.dll - maybe there is a way to upload file not to static/images

(Aug 17, 2024, 10:42 PM)carbonzillioxide Wrote: Identified a path
/home/tomas/LanternAdmin/bin/Debug/net6.0/LanternAdmin.dll
from an error message.
I tried to download it through the aforementioned path traversal or loading that module via the admin panel, but neither worked for me

from path traversal it can't be done because www-data doesn't have rights to /home/tomas

drunkp · Aug 17, 2024, 11:01 PM

(Aug 17, 2024, 10:48 PM)jsvensson Wrote: i'm trying to read FileUpload.dll - maybe there is a way to upload file not to static/images

(Aug 17, 2024, 10:42 PM)carbonzillioxide Wrote: Identified a path
/home/tomas/LanternAdmin/bin/Debug/net6.0/LanternAdmin.dll
from an error message.
I tried to download it through the aforementioned path traversal or loading that module via the admin panel, but neither worked for me

from path traversal it can't be done because www-data doesn't have rights to /home/tomas

Datadb is probably with the binary. But then, that server is run by tomas, so www-data shouldnt have access to data.db either way.

nomx1337 · Aug 17, 2024, 11:04 PM

use path traversal for shell..

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

osamy7593 · Aug 17, 2024, 11:05 PM

(Aug 17, 2024, 11:04 PM)nomx1337 Wrote: use path traversal for shell..

How u gained the shell?

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed

Anaunimans · Aug 17, 2024, 11:05 PM

can we have sqli so then we can run shell command using sqlite's .shell utility

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	[MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot	htb-bot	98	8,935	1 hour ago Last Post: Zacker90
	SVCHOST Injector 2026	opsecmaster67	0	66	7 hours ago Last Post: opsecmaster67
	Cold Seal 5.6 cracked Sensitive information can be exposed or stolen	opsecmaster67	0	58	7 hours ago Last Post: opsecmaster67
	EagleRAT v2.5 Create backdoor access points	opsecmaster67	0	53	7 hours ago Last Post: opsecmaster67
	[FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags	Techtom	43	3,503	8 hours ago Last Post: qwertyuiop0987654321