Type your comment> @1uffyD9 said:
> Type your comment> @acidbat said:
> > Hi everyone,
> > I’m very stuck on user...
> >
> > Been reading the posts here and trying to figure out the hints...
> >
> > I found the authentication page in /wr**u/a***n
> > And thought, ok this I could logon to using metasploit (as in locating the creds)
> > But no success (I used the common wordlists with kali)
> >
> > I also found the exploit for the certain app being used for the site (well it looks like the exploit that everyone is referring to) but looking at the code it seems I need to get some more info from the site to add to the code.
> > That info I think is part of getting access to the site mentioned at the start of my comment.
> >
> > So any hint/nudge for me to get user?
> > Am I on the right track?
>
> DId you run the script without any arguments?? what it says??
Was actually the wrong exploit.
Think I got the correct one now, and now I get the TIMED hints. ?
Back to trial and errors :)
You’ll get that… um sure… keep trying … heheee
Sigh, banging my head on the TIMED…
Doesn’t matter what I enter it goes speedy fast and server will close connection.
Trying to understand the hints, looking at source page, inspecting but I must be very blind…
Thanks to a post from @BashShabakate0 I finally saw the thing I’d been pspy’ing for. I really enjoyed this box, especially for the linux priv esc practice.
Thanks to a post from @BashShabakate0 I finally saw the thing I’d been pspy’ing for. I really enjoyed this box, especially for the linux priv esc practice.
Can someone pls give me a nudge on how to get root. Got p*** running and see a potential thingy but don’t know how to advance…
Help would be appreciated!
Can someone pls give me a nudge on how to get root. Got p*** running and see a potential thingy but don’t know how to advance…
Help would be appreciated!
you should hijack some script
maybe run p*** and re-login from another tap will be a good idea
and watching of course
Stuck on user still, not sure if im going down rabbit hole, found w******/an, tried using burp, idk if ap_get_bic_a**_pw() is supposed to be used, or even how to use it. Anyone able to help?
Stuck on root forever. Guess I’m thinking about it way too hard
Since everyone knows you have to use pspy64 here, I’d suggest looking only at root processes… you can simply save them to a file, grep UID=0 and leave only unique ones. than just carefully examine each one of them over and over.
Hi All, I appreciate there is an ubundance of tips here however Im trying to get the creds for /w******/a****. I ran the s*** exploit and recovered a hash which ive been trying to crack for days but it looks like i ran the exploit wrong hence why i cant use the creds in any other services. I’ve now tried running the exploit correctly (after making a necessary change i missed before tick tock) however the packets are being rejected now by the web server.
Does anyone have any tips or is in the same boat as me? I would very much appreciate a none spoilery tip.