st justin :debian: on Nostr: What do you do when you can't find the way in during a pentest? I KNOW there is an ...
What do you do when you can't find the way in during a pentest? I KNOW there is an RCE somehow, I'm just not smart enough to find it.
*cries in n00b*
I've run multiple iterations of nikto, ffuf, wfuzz, sqlmap, nmapAutomator, a variety of NMAP scans, scripted, and manual enumeration techniques. I have a list of vhosts that have been discovered, with at least one that wasn't in DNS. I reviewed source code for apps, and every single CVE and report on potential issues I could find, and still no luck.
Guess I'll take another break and go sit outside for a bit.
#pentest #pentesting #cybersecurity
Published at 2024-04-10 20:43:40