Canape

im new. I find exploits, but exploits go to a 5xxx port (couch) that is closed. I would attack it from http. Any hints or something to read by dm?

Can someone help me with this please … Send me a DM .

I’m having a ■■■■ of a time trying to clone a repo. Is there some kinda trick to this that is different from how I would normally do this?

@tt0t3s said:
I’m having a ■■■■ of a time trying to clone a repo. Is there some kinda trick to this that is different from how I would normally do this?

Use https://github.com/internetwache/GitTools/tree/master/Extractor

@protsenko said:

@tt0t3s said:
I’m having a ■■■■ of a time trying to clone a repo. Is there some kinda trick to this that is different from how I would normally do this?

Use https://github.com/internetwache/GitTools/tree/master/Extractor

You have to enumerate a little bit more .

@tt0t3s said:
I’m having a ■■■■ of a time trying to clone a repo. Is there some kinda trick to this that is different from how I would normally do this?

nope. have a look inside the directory. there is a file where you can get the exactly url to use to clone it.

Roooot, thanks all xD, PM if you need help :slight_smile: "

Can someone expound on how to narrow down where to look for vector for initial foothold? Dirbuster gave a lot of output so even just looking at the 200 response code is overwhelming ? to say the least. Every directory opens so far is bogus!!!

Just rooted. Really enjoy the journey!!.

Is some1 online right now to ask smth.I think im super close to first reverse shell but im stucked!!!I think i do smth wrong on encoding

can someone pm me on initial foothold, i have the u*****e working recreated in my environment and had the hash file path working however keep getting 500 errors??

(deleted)

@protsenko said:

@tt0t3s said:
I’m having a ■■■■ of a time trying to clone a repo. Is there some kinda trick to this that is different from how I would normally do this?

Use https://github.com/internetwache/GitTools/tree/master/Extractor

this is the best clue ever, thankyou bro

Finally got root on this bad boy, by far has been the hardest box I’ve done and I really learned a lot. A day before it gets retired, just couldn’t wait for that =P

Machine is super unstable. I was able to clone the git repo and find some info but still cant get user! AHHH! If anyone is willing to provide a nudge, please let me know

rooted! that was a wild ride! thanks @otaman for the nudge! Paying it forward, feel free to PM if you need help!

Good day guys, I got reverse shell but am having issues exploiting the db, got a particular db that I have access to but can’t get datas out of it, hints on resources to check out??, Thank You

Hi all, I have a really strange problem. I am on to getting RCE. Wrote my exploit to get a reverse shell. When I execute it with my IP and Port as reverse IP and Port, I get a 500 Server Error. However, if I give any arbitrary IP (not mine), the exploit works. Has anyone an idea about what I’m doing wrong? Any hint is greatly appreciated

Box is retired just go read up the write up or check ipsec video on YouTube

@Afolic said:
Box is retired just go read up the write up or check ipsec video on YouTube

I still want to do it on my own… What does retired mean, after all? It is still reachable, webserver still running. Does it mean, reverse shell is not possible anymore?