@s4rgey said:
Rooted! Great box, thanks to the creator!
As mentioned above don’t waste time to get reverse shell. Powershell has all needed to trigger your stuff. And of course Enumeration is the key )
what about the suggested exploit as suggested by whats in front of me (to do with something that not where it should be)
Can someone drop my a PM to make sure I’m not way off track. I found a very common vuln and managed to grab some creds from M********** table but not sure how to use them. Don’t want to give spoilers so please DM for more info. Thanks
Rooted. That took a little work, a bit of creativity, a lot of basic enumeration and headscratching but all the hints are pointing in the direction you need to go. Google and searchsploit on anything unusual you see. You don’t need to spin up a separate Windows box. Thanks to snowman418 for keeping me pointed in the right direction.
Could someone please provide me tips on initial foothold? Currently trying to use one of OWASP vulns, but not really making any progress in this direction. Can’t really seem to get any reponse out, except for errors so I know it is a valid way forward.
@linkerslv I used dirb but not with the common wordlist, then you should find a OWASP Vuln which should lead to more Information… Someone want to talk about Priv. Esc? I’m really close but missing something, maybe I’m just overthinking
I got a s** inje***** on mvc… is it useful or a complete waste of time? I didn’t find any creds yet here. Only a bin file. neither privileges to get output from an os shell by a s** statement. I’ll appreciate if someone could p.m me