Mischeif

135678

Comments

  • I have problem with s**o
    My I please a hint? or better discuss...

  • @smjogi said:
    I have problem with s**o
    My I please a hint? or better discuss...

    enumerate more :)
    There is a linux command that will help you a lot to figure out what is going on.

  • Just when you think you have it and then nope.

  • edited July 2018

    I have question that people will understand who did root access to mischief box.
    Do I need to know password of [SPOILER] user?
    [SPOILER DELETE]

    Higgsx
    OSCP | GCIH

  • is a 127.0.0.1-only bound port relevant to getting user?

    you got to eat shit to know shit

  • Got user (FINALLY). What a ride so far!

    This box really gets you back to the fundamentals of enumeration and then some.

  • r00ted. Sneaky machine, really sneaky. Enjoyed it all the way up to user, root was kind of lame in my opinion.
    P.M. me if you need any nudges.

  • A really nice and nasty machine. Bravo @trickster0

  • I’m stuck at web protected page with 2 creds on the page, tried to bruteforce with those creds, none are working. Found 2 tcp and udp. Anyone can shed some lights what’s the next step?
    Thank you
  • @kecebong said:
    I’m stuck at web protected page with 2 creds on the page, tried to bruteforce with those creds, none are working. Found 2 tcp and udp. Anyone can shed some lights what’s the next step?
    Thank you

    Enumerate!

    pzylence
    OSCP

  • edited July 2018

    @pzylence said:
    @kecebong said:
    I’m stuck at web protected page with 2 creds on the page, tried to bruteforce with those creds, none are working. Found 2 tcp and udp. Anyone can shed some lights what’s the next step?
    Thank you

    Enumerate!

    thanks, got 2nd login page, sqli and hydra none are working. am i on the correct path or rabbit hole ?

  • I'v enumerated with gobuster and dirb using dirbuster list but not finding anything after getting into the first login.... can anyone send a hint?

  • @adco said:
    Just when you think you have it and then nope.

    +1 -_-"

    pzylence
    OSCP

  • This box is fun! Loving it so far. Thanks @trickster0 !!!

    pzylence
    OSCP

  • Rooted this box, great box :D

  • hi all,
    i need some help iam stuck on this box. i have found a 02 creds and loged on web the creds dont work on ssh i already found the highest udp port and i have seen another web service running on . i think that was a relation between a udp port and web server. i dont know what?
    please help me iam stuck

    Raouf09

  • Hi all! I've found 3 ports, 2 creds. 1 leads me to index page. Dirb gives me nothing but the index page. I'm out of idea! This box is illusion.

  • tried a bunch of combinations with burp suite intruder on the second login page.. dont know how to proceed

  • @christo said:
    tried a bunch of combinations with burp suite intruder on the second login page.. dont know how to proceed

    back to basics, marty!

    pzylence
    OSCP

  • edited July 2018

    Rooted. Whew. Good box @trickster0

    hmgh0st

  • edited July 2018

    I am going mad with this machine what shell do i need to get the f***
    nvm

  • Privesc is driving me nuts.

  • just got user. that was a long ride!! now going for root. if you need help with user PM me

  • @B3h0ld3r said:
    Privesc is driving me nuts.

    enumeration is your friend here

    pzylence
    OSCP

  • edited August 2018

    get nmap enumeration SNMP ports boys lol :P

    Arrexel

  • please any one pm how to get user pass for secend web service

    Raouf09

  • edited July 2018

    alright thanks @xMrR0b0t. if spoiler, removed. - pzy

    pzylence
    OSCP

  • @raouf09 said:
    please any one pm how to get user pass for secend web service

    you already have credentials.

    pzylence
    OSCP

  • edited July 2018
    You 're welcome bro. I think that when there is too much info from enumeration and the comments here.

    xMrR0b0t

  • @xMrR0b0t said:

    > @pzylence said:
    > for those who are stuck where to go after getting first login page:
    >
    > if [SPOILER]. then rest is how you enumerate.

    I think that it is a major spoiler... When there is too much info from enumeration and the comments here.

    Is saying something is a spoiler even more of a spoiler since it confirms the spoiling?
    "The Spoils of the spoiler can not be his by right"
    -Dante Alighieri, Divine Comedy Canto XIII Ln 105

    Rantrel
    ~|OSCP|~

Sign In to comment.