@millerangello said:
Hi guys,
I know the vulnerability and tried to get some information from the database. But when I am putting longer things it is throwing the error and short queries did not give me anything. Searched lots of sources for different syntax, none of them worked. Any ideas?
You’re overthinking. You’re on the right track but keep it simple
In the first step (web-app) I know which thing I have to use in order to get to the DB but it tells me that that thing has already been used and I can’t use it anymore. Do I have to reset the box every time?
@elio said:
In the first step (web-app) I know which thing I have to use in order to get to the DB but it tells me that that thing has already been used and I can’t use it anymore. Do I have to reset the box every time?
@p3tj3v said:
ok… so logged in on the web page… pulled some notes…
connected to a different service where I can read and write files…
but then what probably something basic…
if anyone can send me a small nudge… would be much appreciated.
Stuck at the same step
Had an idea to find a folder corresponding to share’s n**-s***, but dirb doesn’t help
Maybe this helps:
@starcraftfreak said:
Just an update. Due to the box being bogged down the first few days by massive brute forcing attempts I was never able to do a full scan of the box. Once I did a full scan I found what I needed to gain user.
Then, look for files in n**-s*** you find in other places…
Hi guys,
I am stuck on the Web App Login because I cannot find any table which provides anything. Enum of all Tables doesn’t work either.
Would someone be so kind and provide a hint?
Edit 1:
So I am one step further. Found logon infos for a user which connects two services to each other. I can upload files into a directory but have no idea how to get a shell from there.
Any hints would be appreciated.
Could someone give me a hint on where I should start? I tried enumerating different pages, but can’t seem to find anything. Injection also appears to be unfruitful.
Can anyone help me out getting the root flag? I have an interactive shell within the special environment running as root, but it only runs under context of the user starting the process (user.txt user in my case). I think I have carried out all other normal Windows enumeration for privesc and haven’t come up with anything yet… any advice?
Nice box, but someone keeps resetting it and it’s completely unnecessary. Also, brute forcing is NOT how you get in this box, neither is blasting it with any tool other than the basic enumeration.
Edit: Rooted. Very clever way of rooting. If you’re stuck, the answers you seek are in front of you.
@DataPush3r said:
wilsonnkwan, maybe just write a tutorial next time. Oh wait, you did… ;|
Not many people are as smart as you, even with that, people still need to figure it out.
Sorry if this is spoiler to you guys
You could have just posted the link to the shell you uploaded, that way they wouldn’t even have to read your post. Just click the link and get a shell.
You’re not even giving them a chance to figure it out on their own. That’s the thing