Postman

5 minutes to go, everyone ready?

clubby789

  • GCIH
    If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments). And remember to +respect me if I helped you ; )

Comments

  • Yup, can't wait. Wonder if it is indeed going to be easy with such rating or it's going to be another of those "easy" that's actually more like hard lol

    rowra

  • Nmap taking ages. There goes any chance of FB lol

  • Anybody bumped into that login page after getting rejected using a fairly new 0day?

    trollzorftw

  • @trollzorftw said:

    Anybody bumped into that login page after getting rejected using a fairly new 0day?

    The specific vulnerability for that seems to have been disabled. I got a 500 back from the server

    clubby789

  • I got something back for that but was unsuccessful, if it's the 0day I think you're talking about it only affects versions downloaded from sourceforge apparently

  • Found 2 services on higher-ish (non-random) ports and supposedly working exploits for both, neither of which worked. Great lol

    rowra

  • edited November 3

    I'm confused about which to enumerate, the higher port or the lower one :)

    Edited:

    Have Access to the box with low priv shell. :) going for escalation

    N3v3r Giv3Up, 3v3ry th!ng !s p0ss!ble .

  • edited November 2

    r***s and w****n

    10*** /pawod_chne.c*i interesting backdoor

  • @rholas said:

    r***s and w****n

    10*** /pawod_chne.c*i interesting backdoor

    doesn't work though. At least didn't for me

    rowra

  • edited November 2

    The exploit on r***s should work?

  • edited November 2

    @rowra said:

    @rholas said:

    r***s and w****n

    10*** /pawod_chne.c*i interesting backdoor

    doesn't work though. At least didn't for me

    POST man

    Access denied for 10.10.14.xx. The host has been blocked because of too many authentication failures.

  • @UrielY said:

    The exploit on r***s should work?

    Yes

    trollzorftw

  • Low privilege shell got, let's see what's next...

    clubby789

  • @trollzorftw said:

    @UrielY said:

    The exploit on r***s should work?

    Yes

    what if it doesn't? no session was created :/

    rowra

  • @rowra said:

    @trollzorftw said:

    @UrielY said:

    The exploit on r***s should work?

    Yes

    what if it doesn't? no session was created :/

    You should play a bit with the CLI and realize that you need to edit your script a little

    trollzorftw

  • edited November 2

    @trollzorftw said:

    @rowra said:

    @trollzorftw said:

    @UrielY said:

    The exploit on r***s should work?

    Yes

    what if it doesn't? no session was created :/

    You should play a bit with the CLI and realize that you need to edit your script a little

    I used r***s to get a shell as the user r***s, can I use a script to get a higher privilege user or does it lead to the same shell?

    clubby789

  • @clubby789 said:

    @trollzorftw said:

    @rowra said:

    @trollzorftw said:

    @UrielY said:

    The exploit on r***s should work?

    Yes

    what if it doesn't? no session was created :/

    You should play a bit with the CLI and realize that you need to edit your script a little

    I used r***s to get a shell as the user r***s, can I use a script to get a higher privilege user or does it lead to the same shell?

    I had the same idea, but I can't access the higher privilege user folder, I'm getting permission denied.

    trollzorftw

  • R***s service cli look > @rowra said:

    @trollzorftw said:

    @UrielY said:

    The exploit on r***s should work?

    Yes

    what if it doesn't? no session was created :/

    I used tnet and ncat working fine with me. :)

    but the command syntax for listing directories is a little bit annoying.

    N3v3r Giv3Up, 3v3ry th!ng !s p0ss!ble .

  • Found W***** but can't seem to find the r***** that some have mentioned. A hint would be welcome.

  • @ZeWanderer said:

    Found W***** but can't seem to find the r***** that some have mentioned. A hint would be welcome.

    Scan again, and scan ALL

    trollzorftw

  • @trollzorftw said:

    @ZeWanderer said:
    Found W***** but can't seem to find the r***** that some have mentioned. A hint would be welcome.

    Scan again, and scan ALL

    I thought of doing that, however it seems like because of the amount of people doing that, seems to be essentially DDoSing the machines, should we just keep cancelling the resets in shoutbox?

  • @trollzorftw said:

    Scan again, and scan ALL

    Found it, thanks!!

  • I'm completely stuck. Both the exploits I thought to work don't work either cause I can't config it right, or I just don't understand it....

    I found r***s and w****n but don't have any sort of clue how to use em

  • Same - got low privs shell - kinda lost on what's next - still enumerating...

  • @j3wker said:

    Same - got low privs shell - kinda lost on what's next - still enumerating...

    How did you get low priv shell? My R***** and W***** exploits keep failing

  • Rooted. A tad CTF-like, but pretty fun.

    Foothold: Scan everything. The next step is well documented.
    User: Enumeration scripts should find it, you won't have to go too deep.
    Root: You might have seen a method you couldn't have used earlier, you can now.

    clubby789

  • Ok so slight update:
    One exploit I tried apparently worked, but...there's no session that was created :/

  • @ZeWanderer said:

    @j3wker said:

    Same - got low privs shell - kinda lost on what's next - still enumerating...

    How did you get low priv shell? My R***** and W***** exploits keep failing

    I'd like to know as well...nothing I normally do with r***s in the wild is working for me.

  • @MonocleHat said:

    Ok so slight update:
    One exploit I tried apparently worked, but...there's no session that was created :/

    haha me too, I got a little excited when I saw the exploit going green, then showing a "no session created" kinda bummed me out xD

    We shall try harder :)

  • @Crashie said:

    @MonocleHat said:

    Ok so slight update:
    One exploit I tried apparently worked, but...there's no session that was created :/

    haha me too, I got a little excited when I saw the exploit going green, then showing a "no session created" kinda bummed me out xD

    We shall try harder :)

    I need another box to rank up ;-;
