@p5yph3r said:
please give some hint for PRIVESC , as many people said , i tried LinEnum.sh …also the his STUFF “m*****r.sh” does the same…i reconed we can moves that file to id(0) …but not able to execute it from there…
am I in the right direction ???
Me too. Stuck at right there. Please help on privesc.
hi I new here and I have two days trying everything and I read all the advice that is easy but remember that when it is easy is that one more complicates someone can guide me to opt for the user and password !!!Help!!!
This is my first box on HTB. The amount of resets are crazy. I’ve enumed the username and login page pretty easily. Ive tried a ton of default passwords and even obvious things that are on the page itself. I feel like its possible based on the comments here that i may have already entered the correct password but its pretty buggy. Can anyone PM me to help so I can move on from this step
@murp said:
This is my first box on HTB. The amount of resets are crazy. I’ve enumed the username and login page pretty easily. Ive tried a ton of default passwords and even obvious things that are on the page itself. I feel like its possible based on the comments here that i may have already entered the correct password but its pretty buggy. Can anyone PM me to help so I can move on from this step
@Cervantes said:
This is really frustrating. It is my first maschine and i spent 4 hours on it. looked at so much things: php/bit files, images, dirb, dirbuster for the initial password but could not find it. i don’t know how i should guess it. i also don’t know what htb “deafult” password are… this is really frustrating
Hi I am Jeff. I tell my friends I am a pro sysadmin and even put it on my resume. In reality though I haven’t been able to figure out where any button other then the “next next next” button is.
Once you realize how foolish Jeff is it only gets worse. Jeff’s laziness continues to create bad security flaws. During enumeration think about how Jeff could have traded security for laziness.
After you figure that out, well the rest is semi easy, just remember seeing isn’t always believing.
@jc1396 said:
No matter which shell I try, I keep getting “This exploit may require manual cleanup of ‘image.php’ on the target”. Am I missing something here?
you just have to manually figure out the path where the shell is uploaded and trigger ii manually for the first time… for some reason metasploit wont do it for the first time!
google is your friend…