I’m badly stuck on user, trying to get the p***** shell. I found creds, found the exploit, but I can’t figure out the l***** parameters. Any nudge for this?
All I can really say is lots and lots of trial and error. I didn’t find a good resource on this and as others have asked, I didn’t keep a note of my final choices.
Try different escape characters and look up the various syntax options for the initial tool.
Got a “shell” of ps, but don’t know where to go next.
Checked rg config using g* s***, but it seems that it will only write to a table of p******s.
If it is reading the table, then I know it is injectable, but it is writing only, so I’m not sure how to inject.
I’ve been bruting poor r** for the past 6 and a half years. I’ve tried custom bash scripts, custom nmap. And manual caressing with IT Crowd related references. I feel like I’m not understanding the more than generous hints already provided… Can anyone nudge?
I like machines that use less hyped but often used protocols and present some vulnerabilities belonging to them. There are a few nice concepts in Zetta, and I think the user access part is extremely good. The first part of the root access caused several frustrating hours but finally I managed to understand what @f00l8r1t3 had written. Thx for it.
Hey. I’m on the foothold part. Is it really required to scan the ip6? I think it is a rabbit hole. It takes around 6 hours straight to scan it. But I’ve got nothing yet; it has been at 99.99% for more than an hour. I really feel helpless here. Anyone please give me a hand to overcome this ip6 nmap part.
Remember “ping ipv6” still works for me, no reset was done. Got my head locked into the scanning part.
I don’t think you need to scan all 65536 ports on the IPv6 address, but it shouldn’t take that long - it’s an identical TCP scan to a full port scan on IPv4.
A bit annoyed that the IPv6 address changes sometimes.
I found the higher port and service, queried it for enumeration.
Stuck there.
I see people commenting about bruteforcing the creds for the user? Like ssh bruteforce?
I’m logged in as r** but I can’t go further…
I’m a bit lost for the p******s shell everyone is talking about.
I found the password but it looks like a rabbit hole.
If someone can PM for this part pls. I’m already guessing what to do after that, this other service looks pretty interesting…