[rafaforlife]

people saying it has smth to do with wondercms and they are referencing xss to rce, but idk how they got to that conclusion other than the img. help plz

[0xwww]

for root access, intercept the request to port 8080, and where you call the acces.log file, use command injection (;nc ....) and call your reverse-shell, thank you, you're welcome, now give reputation

[mhsoraa]

root log analyzer's source code: /root/monitoring/index.php

Hidden Content

You must register or login to view this content.

[glock05]

Escape
;your_command;id

[RedTeamer]

a shit box i ever seen in my life

there is simple trick to get user

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Selling in HTB | Trying to sell information posted for free

[4rrows]

Any hits for command injection on root...

amay@sea:~$ curl http://127.0.0.1:8080

Unauthorized accessa
may@sea:~$

It's because it require credentials, portforward to access it

[0x99189]

any hints on foothold i found a page /contact.php  it does call back my machine but i can't  think of any thing to do with it

machine is slow, callback comes after some time and then repeats

---

I still can't find a usable command injection
"No suspicious traffic patterns detected in /root/flag.txt"

---

Finaly im root. Interesting box

how you bypass the filter?

[noobhumein]

login page
http://sea.htb/index.php?page=loginURL

bro how you find WonderCMS lol please tell

[DeDeLaPouille]

For those asking me in DM for hints, i've got a 403 when i want to send an answer . So I will answer here

Basically, for port forwarding you can check this : https://www.ssh.com/academy/ssh/tunnelin...forwarding

For OS injection, check for previous post, there is a lot of hints about it.

P.S : anybody knows how to solve my 403 problem with my DM ?

[mazafaka555]

lol cheatlesian and niggerlte at it again

user: get some cuck htb employee to leak writeups to you so you know themes/revshell-main/rev.php exists by default (go check im not bullshitting)

root: basic command injection in the service on localhost:8080 (use an ssh forward)

LOL man. It's always funny to read your posts.  

and yeah.. this is what it means to have "appropriate friends" 

---

For those asking me in DM for hints, i've got a 403 when i want to send an answer . So I will answer here

Basically, for port forwarding you can check this : https://www.ssh.com/academy/ssh/tunnelin...forwarding

For OS injection, check for previous post, there is a lot of hints about it.

P.S : anybody knows how to solve my 403 problem with my DM ?

blacklist in DMs aren't allowing certain stuff like when you're trying 'php injections' (or what black filter thinks it is) or javascript and such.
you can put your code into pasterbin or related services instead and send a link toy it.