Nightmare

Hi I am able to have a shell, I enumerated the system but didn’t find anything for privesc. hint needed please! Thanks! PM or netsec chat

Hey guys, I’m kinda stuck after initial enumeration. Would some kind soul PM me (here or on Mattermost) for a nudge (or just discussing my approach)? I’ll show what I found so far.

Hello , could someone please help me for some hint ? That I’ve decoded the dante.txt to the poem and I’ve also noticed that’s also xss vuln on my newly registered account on the site. And I have no idea to step forward. Thanks.

enumerate more and more, play with all web app functionalities

Could also use some guidance for privesc. Not sure how to explain without spoilers, and I’m not sure if I’m even on the right track.

I see that the [redacted] has two [redacted]s of [redacted] [redacted]. I got a [redacted] that should [redacted] both [redacted]s, but having trouble getting [redacted] to [redacted] either [redacted].

Hope that’s confusing enough :wink:

yes, quite confusing. I also noticed the XSS and then there is another *** thing which kind of seems relevant, but I haven’t been able to use it for anything useful so far. And there is a third thing behaving in a way which would suggest that there might be *** there but haven’t gotten anything out of it with my list of suggestions. Confusing and confused.

@Booj said:

@s3b4stian said:
Hi! could someone help me with Nightmare! I passed first step and can access to machine via s*** but now I have no more ideas :frowning: PM Please

There’s an exploit that will apply well to your situation. Just make sure it matches your environment and I mean really make sure, don’t just give it a cursory check :slight_smile:

Can PM me please ? I found the exploit for my specific target but it doesn’t work …

May I have some nudge?

this box was amazing, I recomend it.

trying to exploit the ****, could i pm anyone ?

i can read data from db but stuck there …

Hi guys can someone? Give me some hints about this box ? PM me please !

I’m still lost …

hi, i have decode dante.txt.
But I don’t find the password for admin account.
Help me find the password or advise for where a search

@khomkovova said:
hi, i have decode dante.txt.
But I don’t find the password for admin account.
Help me find the password or advise for where a search

Me too T.T

((

I need hint after get www-data shell

YOURE IN A SIMULATION JOHNNY @johnny87

I can read data from db but stuck there …

May I please some hint?