blocky..foothold help..hints only

i have enumerated everyhtinh found so much...too much info.....which way is the right way ? ftp server ?

Comments

  • edited October 2017

    ** Spoilers removed - Arrexel **

  • look at what is in each directory and what esch file can contain. Remember developers arent the most security minded individuals

  • thanks man let me see

  • Everything you need is there. Enumerate and cross check all the information you can find.

  • Actually, I did the following but still no idea what should I go.

    I used dirb and nikto and got few directories and I can see a folder contains many .php file however, php is not downloadable and some xml file is not really useful.

    Furthermore, I do see some huge and mass javascript files. tried to look into detail but not much information found.

    I also google the "ssh [version I found in nmap] exploit", tried few script and not seems not vulnerable.

    Maybe i overlooked some information and any hints are appreciated. thanks!

  • edited November 2017

    Since you've used dirb you have found some directories that you can visit.
    HINT: visit the directories - one of them contains interesting files...

    game0ver

  • edited November 2017

    @game0ver said:
    Since you've used dirb you have found some directories that you can visit.
    HINT: visit the directories - one of them contains interesting files...

    As @game0ver said, visit those directories... but WITH YOUR BROWSER.
    After that, and with your enumerations, figure out where to use that info. Don't overthink ;)

    Puerkito66

  • Thanks for comment and finally, I got this machine root access.

    Actually, I aware the file but I use textpad to open and it's binary. Someone given me advise on how to extract some text inside then i see the light on. I can get the user access and then struggled a while for the root privilege to make it.

    Thanks for Pentester720, he given valuable direction to me on this machine.

  • at last got the user hash password. Do I need to crack it to get the ssh?

  • wahahaha at last got the root. Thank you all for the tips :D almost gave up on this for several weeks already. These forum discussion really help a lot to solve the machine :)

Sign In to comment.