Arkham

I can ent and det default data sends in the vi*te parameter. But when I configure my own ext, it doesn’t work, doesn’t ping me and returns a 500 HTTP error. Help me please via PM! Thanks in advance.

@killinem said:
I can ent and det default data sends in the vi*te parameter. But when I configure my own ext, it doesn’t work, doesn’t ping me and returns a 500 HTTP error. Help me please via PM! Thanks in advance.

same here…

I have been trying to crack the password for b****.**g but hashcat shows no progress. It stays stuck at 0% forever. I have even tried to generate a subset of relevant words as suggested by @MinatoTW. But hashcat is not trying any of them. I am using Kali64 as a VM.

Any nudges would be helpful.

Decryption works fine here, encryption as well, but I have problems with the payload generation. I know the tool for it but can’t get all the info together. Someone up for a chat?

Edit: got User

I downloaded the backup file a few days ago and right now I have no clue how to download that file again. Could somebody please assist me to get that file from SMB?

I just can’t download the file, it’s just giving me an empty file. The first time around I used smbmap and smbclient and was able to download the file; this time the file just comes up empty. Please give a small helping hand.

Even tried smbget now. Nothing :frowning:

Great box. I’ve learned a lot so far. Now I’m stuck with overcoming the UAC, but I will find my way…

Got the backup.img file, extracted stuff using bin***k, fixed the corrupt zip file and I don’t know what I am supposed to be looking for.

Can someone explain why that “Potentially risky method” on port 80 does not work as many whitepapers say it should work? And maybe you could send me articles about exploiting this kind of vulns?

Hi, I could use a nudge please. I got the zip → decrypted the img file → I think I found the s**rt in the tmct files. What do I do next? PM me please. I have a couple ideas but I don’t want my comment to be flagged as a spoiler. Thx.

@dontknow said:

Can someone explain why that “Potentially risky method” on port 80 does not work as many whitepapers say it should work? And maybe you could send me articles about exploiting this kind of vulns?

That potentially risky method allows people to upload files on the server like reverse shell etc.

This box is definitely beyond my capabilities, but I would like to learn something from it. If anyone has been able to decrypt and mount the b*****.i**, I would like to know how you did it.

Based on the information I could get using the command line tools I couldn’t find any hashes to crack with a custom built dictionary from rockyou.txt.

Anyone that is willing to teach me a little something I would appreciate it.

@jfx41 said:

This box is definitely beyond my capabilities, but I would like to learn something from it. If anyone has been able to decrypt and mount the b*****.i**, I would like to know how you did it.

Based on the information I could get using the command line tools I couldn’t find any hashes to crack with a custom built dictionary from rockyou.txt.

Anyone that is willing to teach me a little something I would appreciate it.

Cracking not needed. You can try to research binW**k tool.

@hansraj47 said:

@dontknow said:

Can someone explain why that “Potentially risky method” on port 80 does not work as many whitepapers say it should work? And maybe you could send me articles about exploiting this kind of vulns?

That potentially risky method allows people to upload files on the server like reverse shell etc.

That really looks like an answer about PUT. I wanna confirm, are you talking about TRACE or PUT?

Spoiler Removed

@dontknow said:
@hansraj47 said:

@dontknow said:

Can someone explain why that “Potentially risky method” on port 80 does not work as many whitepapers say it should work? And maybe you could send me articles about exploiting this kind of vulns?

That potentially risky method allows people to upload files on the server like reverse shell etc.

That really looks like an answer about PUT. I wanna confirm, are you talking about TRACE or PUT?

about PUT

Anybody got any nudges about bypassing restrictions and restoring the admin’s powers? I think I have the right exploit but PowerShell says no.

Awesome machine :slight_smile: Root was very nice!

Anybody willing to help with decrypting the vs value? I have the key, but I keep getting “bad magic number” when using openssl to decrypt it. Please PM me. I did many different tests, but I’m failing; any hint in the right direction is appreciated.