Well, lets see… I’ve got 4 potential users with a dozen or so permutations per username, and 4 passwords with a bunch of different potential variations of those.
I could enter a couple hundred entries by hand trying them out, or I could automate it.
Hmmmmmmm.
“Maybe be more constructive with your criticism” - hip hop hoppotamus
Yeah I ran 2 enum scripts, found 3 things I could crack, nothing worked for logging in as another new user. Found one interesting binary I couldnt seem to do anything with. I’ll continue scavenging around.
I’m not sure what I’m doing wrong in getting the initial shell. I tried with certain scripts and manually but none of them seem to work :\ I’m starting to think there is something wrong with my kali machine… could someone PM me so I can see if i’m doing this the right way?
I’m not sure what I’m doing wrong in getting the initial shell. I tried with certain scripts and manually but none of them seem to work :\ I’m starting to think there is something wrong with my kali machine… could someone PM me so I can see if i’m doing this the right way?
Keep in mind that it’s you who’s looking for help. So, noone will probably PM you until you do that yourself. You keep enumerating the website, and if you’ve already found what you need then focus yourself at how the interpreter would appear to be useful in system enumerating.
Scratching my head to get the root. I hate binary exploitation.
Can anybody PM me and give me nudge?
You better learn basics of reverse engineering and debugging. I don’t think the binary exploitation part requires something much more than basics. So, that’s going to be good for you. Don’t rush, FB’s been already taken. But that’s only an advice, do whatever you like to.
so i have p**** int access, able to to view files, move directories, upload files, I still can’t manage to get a shell to pop back. I was wondering if i needed to continue with this path or if I should be attempting to access more legitimately on the lower port.