Recent Activity
Activity List
-
-
heya I'm stuck with the root flag, mind giving me a nudge? I know openssl is the entrypoint but I'm confused with the capabilities...
1:52PM -
-
heya I'm stuck with the root flag, mind giving me a nudge? I know openssl is the entrypoint but I'm confused with the capabilities...
1:46PM -
heya I'm stuck with the root flag, mind giving me a nudge? I know openssl is the entrypoint but I'm confused with the capabilities...
1:36PM -
Hi,
how can i get the SourceCode of upload.php? I can get over LFI the source of dashboard.php and Login.php but not the source for Upload.php?! Upload.php lies on another subdomain.
Thanks ThePioneer12:10PM -
-
Hi,
you wrote we can contact you so i will do it ;-)
i enumerate a lot of subdomains and smb shares. at hte friendzone.htb subdomains are 2 wich i can use over https. the other subdomains on friendzoneportal are all dead. at the haha dashboard site i can watch sourcecode of dashboard.php and login.php over LFI and now i am at the end of my knowledge :-(
can you give me a hint please where i should go on.
thanks and greeting
ThePioneersoryy i hope you can understand my bad englisch
10:39AM -
-
-
-
-
-
-
Hey, I've been banging my head forever on this Friendzone root. Think it has something to do with reporter.py and/or exim4, but I must be missing something obvious. Can I get a nudge in the right direction?
February 20 -
hey any tips on initial foothold for queier? I have the creds. I can get on using impacts tool. Doesn't look like I have permissions to do much. I have been weeding through databases. no luck
February 20 -
-
Hey, can I get a hint on how you got privesc on Friendzone? Been at it for a while, also don't get the "information-rich" hint. Gone down a bunch of rabbit holes with reporter.py and exim4.
February 20 -
-
any help with RCE on webpage... I am following the video tutorial and nothing is working...
https://blog.ripstech.com/2018/moodle-remote-code-execution/
I am injecting this command 0=(system('ls')) but not getting anything back...
February 20 -
-
also got default credentials for "CW1000-X Lyghtspeed Management Platform" ----> admin:admin
but not able to login. It keeps saying username or password incorrect.
What to do??
February 20 -
-
-
Hey, can you help me with the carrier machine.
I am not able to identify the default login credential for lyghtspeed. Even though i Know it is Cisco AS100.
Got UDP 161 port but while enumerating, I am getting this:-SNMPv2-SMI::mib-2.47.1.1.1.1.11 = STRING: "SN#NET_45JDX23"
End of MIB dont know what to do further.got some directories while dirbusting it but it will work once i logged in.
February 20 -
-
Hey, can you help me with the carrier machine.
I am not able to identify the default login credential for lyghtspeed. Even though i Know it is Cisco AS100.
Got UDP 161 port but while enumerating, I am getting this:-SNMPv2-SMI::mib-2.47.1.1.1.1.11 = STRING: "SN#NET_45JDX23"
End of MIBdont know what to do further.
got some directories while dirbusting it but it will work once i logged in.February 20 -
-
Hi! I have see your great work.
Hey do you have any tips why I'm unable to mget or get the Access Control.zip
I have logged in as anonymous and pulled the Backup.mdb
i placed it into a text file and I cant understand the what I'm missing to find the password.
I am new to the hacking world. Any tips would be helpful. Thank youFebruary 20 -
Hey man! I am trying to get initial access to teacher. I can't figure out how to get RCE with moodle! I have found this blog
https://blog.ripstech.com/2018/moodle-remote-code-execution/#substitute_variables
post that seems interesting but nothing is working... how did you go about doing this?
February 20
