Shocker

Np, I suggest to see @ippsec 's videos

Shocker was awesome, I too thought I’d enumerated everything I could think of, but then a simple switch of my scanning app and I found what the other 5 or so apps couldn’t.

@andrewh Yeah, dirbuster has found nothing of use for me, I tried all of its default word lists

dirbuster has some features that were quite handy for finding what i was looking for

wfuzz worked for me.

@SN3T Did it not even find any Dir’s? Try the medium or big list. Also try searching for some extensions.

i’m just lost, i’ve limited shell but cant figure how to escale it, any hints? please

enumerate in the shell

@andrewh Nope, I’ve tried medium list, not even a single dir, other than the ones that are forbidden

I tried a multi hours scan with dirb: with extensions-common.txt and big.txt. No success except a few 403 pages. Is it really that special to find the first entrance?

@daeladus I’m in the same step as you… FInd the entry point it’s a fucking pain in the ■■■!!

@daeladus paste your command… you should have found it

Here it is: dirb http://10.10.10.56 /usr/share/wordlists/dirb/big.txt -x /usr/share/wordlists/dirb/extensions_common.txt

Somehow embarrassing to ask for help for such a simple machine. Didn’t have such problems with other machines.

This will eventually find what you need. But it’s not very smart. Try to think what you are looking for. Maybe you have to search in a specific folder for specific files inside that folder.

From the box name, you have some idea of what may be relative to this box. Think about directories that may be exploitable for this box and start there. And think about file types that usually work in that directory. And think ‘old skool’. There were web applications before php and asp!

@alamot said:
This will eventually find what you need. But it’s not very smart. Try to think what you are looking for. Maybe you have to search in a specific folder for specific files inside that folder.

Yep, I’m totally aware of this non-smart scan. It was my last chance after some probable smarter scans. An no, it did not find anything specific (besides some 403 dirs). I’ll try to be smart again…

Never mind…did not think of THIS extension. Furthermore: a non-smart scan probably is not reliable. The extension was included in my non-smart scan for whatever reason, it didn’t find what I found a few seconds ago. It’s magic (or reset).

I have limit shell, any hint ?

@S4ck said:
I have limit shell, any hint ?

look for the ways to spawn the shell and priv esc without exploit. This is one method. There are other ways too. :wink:

@S4ck said:
I have limit shell, any hint ?

Removed Spoiler