@jfredett said:
I’m quite stuck, I’ve got a reverse shell, and I was able to find creds to get into the DB, but if there is some file out there with d******'s creds in it, I haven’t been able to find it.
Still, not bad for only my first box without too much help. Any hints on where to look for d*****'s creds conf file? I’ve got lots of enumeration done, but despite how thirsty I am, I don’t think I’ll be able to drink any dihydrogen monoxide till I find out where these things are at.
Keep looking, there’s a file that contains some plaintext information. You have to actually read through it though, it would be easy to miss if you skimmed too fast.
Folks, go with your instincts and don’t worry about DaVinci Coding forum posts. That said there are a lot of good hints in here. Enumerate, use google, keep notes and you’ll be good to go. Nice job to the creators
Can someone give me some hints on decryption, I’ve tried using openssl and it takes hours to go through rockyou.txt even with a multi threaded python script.
@hermajordoctor said:
Can someone give me some hints on decryption, I’ve tried using openssl and it takes hours to go through rockyou.txt even with a multi threaded python script.
I have tried bash loop with openssl and other tool, both yield no legible results with my settings. I am sure it is just a cli arg that has to be right but I have tried a lot of permutations of cipher and digest no progress yet, including with the Drupal7 encryption settings.
Must be blind by now got user.txt but cant secure myself to the other side must overthinking it and i like aliases but im in the cloud there too…as goes for www-data got that shell atm but privesc from that seems too unachievable for my skills level…hints would appreciated trough pm thanks anyone
@inspek said:
Must be blind by now got user.txt but cant secure myself to the other side must overthinking it and i like aliases but im in the cloud there too…as goes for www-data got that shell atm but privesc from that seems too unachievable for my skills level…hints would appreciated trough pm thanks anyone
nvm got the creds needed to secure m yself on the other side , python console now comes the h20 path
could someone help me out on this? i know what to do and i (assume) i know how to do it but i encounter strange permission problems and the tools i’m using behave weirdly. i’d just like to know if i’m doing it wrong, i got user and h2 console access. it just doesn’t like me and yeah ,i could try other stuff but i’d like to not use metasploit. don’t get me wrong it’s a powerful tool but it’s also very obscure sometimes and i’d rather take the rocky road and figure it out (unless it’s 1500 lines of bash script because f**k that noise)
@horrorshow1984 said:
could someone help me out on this? i know what to do and i (assume) i know how to do it but i encounter strange permission problems and the tools i’m using behave weirdly. i’d just like to know if i’m doing it wrong, i got user and h2 console access. it just doesn’t like me and yeah ,i could try other stuff but i’d like to not use metasploit. don’t get me wrong it’s a powerful tool but it’s also very obscure sometimes and i’d rather take the rocky road and figure it out (unless it’s 1500 lines of bash script because f**k that noise)
I’m in the same boat as you. Did you make any more progress?
@horrorshow1984 said:
could someone help me out on this? i know what to do and i (assume) i know how to do it but i encounter strange permission problems and the tools i’m using behave weirdly. i’d just like to know if i’m doing it wrong, i got user and h2 console access. it just doesn’t like me and yeah ,i could try other stuff but i’d like to not use metasploit. don’t get me wrong it’s a powerful tool but it’s also very obscure sometimes and i’d rather take the rocky road and figure it out (unless it’s 1500 lines of bash script because f**k that noise)
I’m in the same boat as you. Did you make any more progress?
You and horrorshow1984 PM me, I’ll see if I can help
Getting annoyed with Hawk, someone keeps Dossing the portal. Keep getting WARNING: Failed to daemonise. This is quite common and not fatal. Connection refused (111)
@hermajordoctor said:
Getting annoyed with Hawk, someone keeps Dossing the portal. Keep getting WARNING: Failed to daemonise. This is quite common and not fatal. Connection refused (111)