Hello,

I took the exam a few weeks ago and couldn’t get past the AD box’s web app (hence I failed) so now I’m going back to the labs to try to get the bonus 10 points get more practice. So now I’m stuck at the lab exercises for AD that also has a web app vulnerability that needs to be exploited and I truly have run out of ideas on what to do? (I suspect I need to get a web shell somehow but I don’t know how)

I feel like I’ve been throwing everything & the kitchen sink at these web apps but can’t get anything. I’m pretty weak at web app attacks and I’ve been watching Ippsec’s videos on Youtube but he makes XSS etc look so easy but I can’t seem to do it myself…

I somehow made it past the Web App Attacks (Chapter 9) but when the web app is attached to AD boxes I just… can’t?!

Any advice?

Thanks!