any hints?

Overview Forums Sticky Finger’s DV-Pi any hints?

Viewing 12 reply threads
  • Author
    Posts
    • #13093
      thedude
      Participant

      Would you mind relaxing the “no spoilers” policy? The numerous walkthroughs that exist for other intentionally vulnerable images are really valuable. I’m not sure where to even start with this attack, tbh. Is it a hidden service? Is it a web hack? The documentation doesn’t even mention what kinds of applications we should be targeting.

      If you could list, roughly, what we need to do in order to get started on this, it would be really appreciated.

      By the way… what does editing hosts to include the pi actually accomplish? Navigating to it by IP and by hostname just pulls up a link to your wordpress site.

    • #13516
      0han
      Participant

      Can’t agree anymore, I have no idea what to do and can’t even find a start point. I thought it’s part of the interesting things cuz you also have no idea about your target exclude the url in real world.

    • #13517
      Re4son
      Keymaster

      Which DV-Pi?

    • #13518
      0han
      Participant

      I was trying the easy one.

    • #13519
      Re4son
      Keymaster

      Any open ports?

    • #13520
      0han
      Participant

      only 80 and 22 opened, are we suppose to start the other services like sql at the first place?

    • #13521
      Re4son
      Keymaster

      What’s listening on 80? Just apache or a CMS?

    • #13522
      0han
      Participant

      I thought it’s apache I have to check the log later

    • #13523
      Re4son
      Keymaster

      How did you do your fingerprinting of port 80?

    • #13524
      0han
      Participant

      It’s Apache 2.4.10
      I use whatweb to detect it

    • #13525
      Re4son
      Keymaster

      I’d dig deeper. It’s very rare these days to find a vanilla Apache installation that has no CMS sitting on top.

    • #13526
      0han
      Participant

      Alright, thx for ur work

    • #13776
      Gover
      Participant

      As I am a bit struggling to get started with DV-PI (easy version),I was wondering if there is anywhere another more vulnerable image with more information available on how to do the job?

Viewing 12 reply threads
  • You must be logged in to reply to this topic.