Netmon

Accidentally gleaned user while doing enum. Think I have system but the box keeps resetting…

Type your comment> @deafheaven said:

@st4rry said:
I’ve got the dbcredentials pr******* pass: PrT8 . Am I on the right path ? I cannot login the web page with default cred prt , prt** . Any nudge please ?

Change them little bit.

Thanks deafheaven: I’ve got this.

@Gizmet said:
so got user sorted…and finally got into the web app… where to go from here any ideas?.. I think first i need to know what GUI or Command line type program to be even looking at to use injection…burp?..

Google for the WebApp : before doing this check what version of webapp is installed.

Type your comment> @st4rry said:

@Gizmet said:
so got user sorted…and finally got into the web app… where to go from here any ideas?.. I think first i need to know what GUI or Command line type program to be even looking at to use injection…burp?..

Google for the WebApp : before doing this check what version of webapp is installed.

Thanks st4rry, working on it …in-between the constant resets !

commoon … the box have been suffering a lot of DOS … its not DOS exploit … please stop it … its crashing the box … and please don’t change the password :frowning:

@achayan said:
commoon … the box have been suffering a lot of DOS … its not DOS exploit … please stop it … its crashing the box … and please don’t change the password :frowning:

ROOTED … people please don’t change the password

I have the user flag and I’m even into the admin console. Could anyone drop me a hint on how to make the blogs solution to work? I cannot even get to work the example that it provides to get a shell or something! PM me! :slight_smile:

@Michelo said:
I have the user flag and I’m even into the admin console. Could anyone drop me a hint on how to make the blogs solution to work? I cannot even get to work the example that it provides to get a shell or something! PM me! :slight_smile:
PMing

any hint for root

Type your comment> @st4rry said:

I’ve got the dbcredentials pr******* pass: PrT8 . Am I on the right path ? I cannot login the web page with default cred prt , prt** . Any nudge please ?

Ohhh! Thats a big spoiler I think :smiley: I was searching for the password in the files and when I saw the number in your comment I inmediately knew what to search for. Then grep **** and found it.

Thaaaaank you! :lol:

I’m currently stuck on the syntax from the blog, i can see my arguments appear in the **.d file but i cannot get it to do what i want. Anyone able to drop a PM with a hint please?

WTF.
I tried a cred for like 100 times. It didn’t work. But it worked for 101st time.

Guys stop changing login creds. Admins, Kindly take care of such nuisance causing elements.

Rooted. Give me a shout if you need a hand

Type your comment> @epsequiel said:

Type your comment> @st4rry said:

I’ve got the dbcredentials pr******* pass: PrT8 . Am I on the right path ? I cannot login the web page with default cred prt , prt** . Any nudge please ?

Ohhh! Thats a big spoiler I think :smiley: I was searching for the password in the files and when I saw the number in your comment I inmediately knew what to search for. Then grep **** and found it.

Thaaaaank you! :lol:

Oh , I’m glad it works ! :lol:

rooted thanks to @jagomezg for helping me with the last part :slight_smile:
PM for help if needed

Type your comment> @st4rry said:

Type your comment> @epsequiel said:

Type your comment> @st4rry said:

I’ve got the dbcredentials pr******* pass: PrT8 . Am I on the right path ? I cannot login the web page with default cred prt , prt** . Any nudge please ?

Ohhh! Thats a big spoiler I think :smiley: I was searching for the password in the files and when I saw the number in your comment I inmediately knew what to search for. Then grep **** and found it.

Thaaaaank you! :lol:

Oh , I’m glad it works ! :lol:

In case it didn’t work for you here’s my advice as retribution for your ‘unintended’ help: a slight change in one digit can help :smile:

This machine does not even need resets. People why the ■■■■ are you resetting it again and again?!

EDIT: Rooted. This machine is easy. But then people happen. I’d appreciate if people try harder. There’s a reason you are given FTP, that too with anonymous login. It does involve some guessing, but then you’re given solution of that too in the forums when it is specified that you should take care of the time. Pretty vague but absolutely helpful when you see that.

I think people are resetting all the time, thinking the standard creds found on web are the way in, and then believing the creds have have been changed so they cant get in lol I thought the same until someone pointed me in the direction of Fza … being able to see more folders than i could with command line f** lead me to the actual creds needed, albeit with a little “update” :slight_smile:

also big respect to |Root| for helping me ! :slight_smile:

Edit, ive still not got root, with the constant resets its holding me back from working out the next part…

Type your comment> @epsequiel said:

Type your comment> @st4rry said:

Type your comment> @epsequiel said:

Type your comment> @st4rry said:

I’ve got the dbcredentials pr******* pass: PrT8 . Am I on the right path ? I cannot login the web page with default cred prt , prt** . Any nudge please ?

Ohhh! Thats a big spoiler I think :smiley: I was searching for the password in the files and when I saw the number in your comment I inmediately knew what to search for. Then grep **** and found it.

Thaaaaank you! :lol:

Oh , I’m glad it works ! :lol:

In case it didn’t work for you here’s my advice as retribution for your ‘unintended’ help: a slight change in one digit can help :smile:

Yeah, mate I’ve got this. Thanks. :smile:

Anyone able to give me a steer on c****** I********? I’m certain I have the correct syntax but it’s not giving me anything back.