Postman

5 minutes to go, everyone ready?

Yup, can’t wait. Wonder if it is indeed going to be easy with such rating or it’s going to be another of those ““easy”” that’s actually more like hard lol

Nmap taking ages. There goes any chance of FB lol

Anybody bumped into that login page after getting rejected using a fairly new 0day?

@trollzorftw said:

Anybody bumped into that login page after getting rejected using a fairly new 0day?

The specific vulnerability for that seems to have been disabled. I got a 500 back from the server

I got something back for that but was unsuccessful, if its the 0day I think your talking about it only effects versions downloaded from sourceforge apparently

Found 2 services on higher-ish (non-random) ports and supposedly working exploits for both, neither of which worked. Great lol

I’m confused which enumerate higher port or lower one :slight_smile:

Edited:

Have Access to the box with low priv shell. :slight_smile: going for escalation

rs and w*n

10*** /pawod_chne.c*i intresting backdoor

Type your comment> @rholas said:

rs and w*n

10*** /pawod_chne.c*i intresting backdoor

doesn’t work though. At least didn’t for me

The exploit on r***s should work?

Type your comment> @rowra said:

Type your comment> @rholas said:

rs and w*n

10*** /pawod_chne.c*i intresting backdoor

doesn’t work though. At least didn’t for me

POST man

Access denied for 10.10.14.xx. The host has been blocked because of too many authentication failures.

Type your comment> @UrielY said:

The exploit on r***s should work?

Yes

Low privelige shell got, let’s see what’s next…

Type your comment> @trollzorftw said:

Type your comment> @UrielY said:

The exploit on r***s should work?

Yes

what if it doesn’t? no session was created :confused:

Type your comment> @rowra said:

Type your comment> @trollzorftw said:

Type your comment> @UrielY said:

The exploit on r***s should work?

Yes

what if it doesn’t? no session was created :confused:

You should play a bit with the CLI and realize that you need to edit your script a little

@trollzorftw said:

Type your comment> @rowra said:

Type your comment> @trollzorftw said:

Type your comment> @UrielY said:

The exploit on r***s should work?

Yes

what if it doesn’t? no session was created :confused:

You should play a bit with the CLI and realize that you need to edit your script a little

I used r***s to get a shell as the user r***s, can I use a script to get a higher privelige user or does it lead to the same shell?

Type your comment> @clubby789 said:

@trollzorftw said:

Type your comment> @rowra said:

Type your comment> @trollzorftw said:

Type your comment> @UrielY said:

The exploit on r***s should work?

Yes

what if it doesn’t? no session was created :confused:

You should play a bit with the CLI and realize that you need to edit your script a little

I used r***s to get a shell as the user r***s, can I use a script to get a higher privelige user or does it lead to the same shell?

I had the same idea, but I can’t access the higher privilege user folder, im getting permission denied.

R***s service cli look > @rowra said:

Type your comment> @trollzorftw said:

Type your comment> @UrielY said:

The exploit on r***s should work?

Yes

what if it doesn’t? no session was created :confused:

I used tnet and ncat working fine with me. :slight_smile:

but the command syntax for listing directory annoying little bit.

Found W***** but cant seem to find the r***** that some have mentioned. A hint would be welcome.