@iswearimnotalu said:
I’ve managed to get the classic Windows hash through Resr and xp_* of \G****\s***y, but cracking it with john I get ‘NO PASSWORD’, so doesn’t seem to me the right road.
Any hints?
Use hashcat with rockyou.txt and best64.rule
Thanks!! Now I’ve to figure out where user:pass work, since “I have to contact the gateway administrator”
Hey, I’ve managed to access the app and web PS but I couldn’t find a genuine user. I know a genuine user from the error messages; am I going in the right direction? Bruteforce this user’s creds?
@iswearimnotalu said:
I’ve managed to get the classic Windows hash through Resr and xp_* of \G****\s***y, but cracking it with john I get ‘NO PASSWORD’, so doesn’t seem to me the right road.
Any hints?
Use hashcat with rockyou.txt and best64.rule
Thanks!! Now I’ve to figure out where user:pass work, since “I have to contact the gateway administrator”
EDIT: nvm, got it! Needed to reset
dude dis guys literally put every on the machine WTF>>> this fricking spoiler man you actually told everybody what to do lol :))))))))))))))))))))))))))))
Hey, I think I have found some interesting files for user that might contain credentials but I can’t really read them and I’m stuck. If anyone could help me out I would appreciate it
I got foothold & am dumping, found a few other OWASP top 10s (critical). Could use some guidance from someone who has beaten it. Also wondering if Giddy is linked to another box I’m working on where I’ve obtained what appears to be ddns sec hash or ripe320
This is one of the boxes that if you know the technology, you will know what to do but if you don’t you will be bashing your head against the keyboard.
Can only say -
Initial foothold - typical enum. Try adding '… and look at Frey’s Comment on 24 Sep.
On Privesc - Hint in first folder you see, just dig.
Does the initial foothold have something to do with xp_******ll or xp_****ee? Been playing around with it for hours but can’t figure out how to get it to function.
@The5thDomain said:
Does the initial foothold have something to do with xp_******ll or xp_****ee? Been playing around with it for hours but can’t figure out how to get it to function.
In the same place, found the injection but can’t seem to get anything useful.
Wow - learned a lot with this one. Special thanks to @vasusethia for the assistance. Not sure I would have found the initial method to user without a point in the general direction. Did end up utilizing a Windows VM like some others. Nice build @lkys37en
Hmmm found vulnerability that allowed me to eventually get NT… Used John and hashcat with best64 and got same result for both but can’t access the panel on web with those creds! Am I missing something? Or do I need a reset?