Traverxec

got user, root is hard, i’m still enumerating

Can I get a hint about how to start user without port 80 open?

Spoiler Removed

Got foothold and the credentials for the user, cant ssh or su to the user using the cracked credentials. Any hint on this one on how to escalate to user?

Type your comment> @casey said:

Got foothold and the credentials for the user, cant ssh or su to the user using the cracked credentials. Any hint on this one on how to escalate to user?

same here

Got initial shell, haven’t found any creds, any hints?

Type your comment> @Shad0wQu35t said:

Type your comment> @rholas said:

Can I get a hint about how to start user without port 80 open?

u need port 80 open in order to exploit into the system. the issue should be resolved now

But port 80 is still closed, tried reset but not worked

Type your comment> @Ma1ware said:

Got initial shell, haven’t found any creds, any hints?

try look for the folder used for html

got initial shell and found da*** credential, but unable to use su and ssh into da***. is that a rabbit hole?

Do we need the .hta***** file for getting user ?

I found creds but not worked, but found something in n…co… and open a new page

Stuck with found creds too…

@OMYT said:

Stuck with found creds too…

same here xD

Can someone pm me how to crack creds. I know how to use them…

Type your comment> @stoffern said:

Can someone pm me how to crack creds. I know how to use them…

the usual tools run within a VM will crack them in a few seconds in your VM if done properly no need for high end GPU’s or anything

Сredits of user d *** d in the htp **** d file is a rabbit hole ?

Type your comment> @stoffern said:

Can someone pm me how to crack creds. I know how to use them…

throw a hint how to use them…

Type your comment> @stoffern said:

Can someone pm me how to crack creds. I know how to use them…

use the most common wordlist wif the 2 top tools used to crack hashes… gpu vs cpu

Type your comment> @stoffern said:

Can someone pm me how to crack creds. I know how to use them…

search for john or hashcat

so anyone got past the creds?
and like to share some insights?