Lost the first 3 days because the foothold port didn’t show up in my nmap scan.
Foothold: After a good scan, browse, find the CVE of the app running to get creds.
User: You can try it manually, but hydra saves you time; it’s also good methodology to always keep all users and passwords in separate wordlists…
Root: I confirm the blue icon browser is recommended (VIP makes life better too) if you want to access the other app running: 9/10 chance of getting a page, compared to 1/20 with the default. To finish, read the documentation and exploit the A*I way to privesc, much better and quicker than the unstable GUI.
I lost three days on the root part because the GUI wasn’t working; I highly recommend the A*I.
Finally rooted, I went crazy with this box.
It’s not difficult, but it’s unstable, and the root part may take too long if you don’t find a way around it. Be ready to die if you are not VIP lol
Congrats to the creator and thank you @c4ph00k for your valuable hint
Port forwarding is not required. And the WebUI is also not required. If you read the docs on the vulnerable service, you can do everything (for root) with 2 well-written curl commands.
I am so stuck on this box, I have so far done the nmap scan and that is it. I have also had a look at the FTP and seen two users with txt files but am struggling to get the files due to spaces. I have also found the site on the SSL port. Anyone PM me to help?
try (get “xxx yyy.txt”) on ftp, without the parentheses
I am so stuck on this box, I have so far done the nmap scan and that is it.
Well, it’s a good way to start.
It’s a Windows box, so millions of ports are open, but don’t let that put you off. Just work through the ports.
I have also had a look at the FTP and seen two users with txt files but am struggling to get the files due to spaces,
Only one file has spaces. The other one shouldn’t be a problem.
When you have spaces, remember quotes exist.
I have also found the site on the ssl port.
If you mean port 443, this might be a bit misleading. Focus on 80 first. If you really look into this, you don’t actually need the text file with spaces.
Well, I finally got root, and I think I made that much harder than it needed to be. Oh, and whoever changed the user hash on the box… naughty, naughty. No Christmas card for you.