Nightmare

Hello,

I need some hint on Nightmare. I did lots of enum for the web and found some interesting things.

1/ do i need to bruteforce any login?
2/ shall i consider client side attacks??
3/ do i need to “guess” request parameters names ??

plz help

These sound like questions rather that findings… :stuck_out_tongue:

okay :slight_smile:

@eks said:
These sound like questions rather that findings… :stuck_out_tongue:

lol :smiley:

i need little bit help for this box. could anyone pm me ?

can anyone give a hint on what this box was based on?

Hi! could someone help me with Nightmare! I passed first step and can access to machine via s*** but now I have no more ideas :frowning: PM Please

@s3b4stian said:
Hi! could someone help me with Nightmare! I passed first step and can access to machine via s*** but now I have no more ideas :frowning: PM Please

There’s an exploit that will apply well to your situation. Just make sure it matches your environment and I mean really make sure, don’t just give it a cursory check :slight_smile:

@Booj said:

@s3b4stian said:
Hi! could someone help me with Nightmare! I passed first step and can access to machine via s*** but now I have no more ideas :frowning: PM Please

There’s an exploit that will apply well to your situation. Just make sure it matches your environment and I mean really make sure, don’t just give it a cursory check :slight_smile:

:+1: Thanks!

[Spoiler]. However, these [Spoiler] don’t seem to [Spoiler]. Shall I search for [Spoiler]?

I need help with this machine, PM anyone?

Apologies for spoiling. Wasn’t meant.

Hi I am able to have a shell, I enumerated the system but didn’t find anything for privesc. hint needed please! Thanks! PM or netsec chat

Hey guys, I’m kinda stuck after initial enumeration. Would some kind soul PM me (here or on Mattermost) for a nudge (or just discussing my approach)? I’ll show what I found so far.

Hello , could someone please help me for some hint ? That I’ve decoded the dante.txt to the poem and I’ve also noticed that’s also xss vuln on my newly registered account on the site. And I have no idea to step forward. Thanks.

enumerate more and more, play with all web app functionalities

Could also use some guidance for privesc. Not sure how to explain without spoilers, and I’m not sure if I’m even on the right track.

I see that the [redacted] has two [redacted]s of [redacted] [redacted]. I got a [redacted] that should [redacted] both [redacted]s, but having trouble getting [redacted] to [redacted] either [redacted].

Hope that’s confusing enough :wink:

yes, quite confusing. I also noticed the XSS and then there is another *** thing which kind of seems relevant, but I haven’t been able to use it for anything useful so far. And there is a third thing behaving in a way which would suggest that there might be *** there but haven’t gotten anything out of it with my list of suggestions. Confusing and confused.

@Booj said:

@s3b4stian said:
Hi! could someone help me with Nightmare! I passed first step and can access to machine via s*** but now I have no more ideas :frowning: PM Please

There’s an exploit that will apply well to your situation. Just make sure it matches your environment and I mean really make sure, don’t just give it a cursory check :slight_smile:

Can PM me please ? I found the exploit for my specific target but it doesn’t work …

May I have some nudge?