Endgame

On second step now :slight_smile: @waywardsun did you finish?

Seriously though folks, if anyone wants to bang their heads on the wall with me, drop me a line… misery loves company :wink:

any hints for starters on where to look?

right now, i’m trying to brute the mssql and find interesting file/dir on the iis

Looking for people to brainstorm with this on, as well. I’m right at the end (I think), but my Windows skills need some improvement.

@evandrix said:
any hints for starters on where to look?

right now, i’m trying to brute the mssql and find interesting file/dir on the iis

brute not the way to go… enumerate more on the iis

Every step is at its best. I stretched myself to great extent. Simply loved the endgames.

Hey guys, is it a common thing, that websites on starting point address of XEN are not working? If no, could sime of you just vite to reset xen? Thx

NVM, it’s working again…

Anyone still working on this? xD

anyone working on this? could use a nudge on the first step for P.O.O., Feel like I’ve enumerated everything on IIS (methods, vhosts, creds, dirs/files etc). I was able to find an interesting information disclosure vuln but am not able to connect the dots…

Working on P.O.O, disclosed something which I may be able to look into.

Edit: Found some interesting directories, but I don’t see how I can access the info in them

anyone can help me how to move ahead I am stuck at 2nd step for xen

@clubby789 said:

Working on P.O.O, disclosed something which I may be able to look into.

Edit: Found some interesting directories, but I don’t see how I can access the info in them

That’s a shame… ■■■■ those Mac junkies and their short eight second tantrums! (or was it three?)

could someone help found two ways both asking for credentials still stuck at the web page :frowning:

Step one done, already feels like a real ride. I think I may know the path to two.

Edit: Flags 1, 3, 4 got. Wonder where 2 is…

@clubby789 any progress on step 2

Anyone would like to exchange notes for poo?

Finally finished, really excellent experience. Learnt loads about AD.
Hints:
1 - There are two infoleak vulnerabilities you can combine here
2 - Follow the links
3 - Go back to something you found earlier
4 - Digging a tunnel will speed things up
5 - Why guess info when you can change it?

Hi everyone

Any hint for hades after first shell?

THX

XEN 3rd part, I’m getting prxxxin timeout error, I think my config are correct, any hints anyone please?, stuck there are 2 days :frowning: