Official Tabby Discussion

Type your comment> @Jalaj said:

Please stop Resetting the box again & again

to quote @Rocketeer … you can’t tell me what to do and not to do on this forum.

hope that just put things into context…

Type your comment> @zer0bubble said:

Type your comment> @Jalaj said:

Please stop Resetting the box again & again

to quote @Rocketeer … you can’t tell me what to do and not to do on this forum.

hope that just put things into context…

What do you mean?

L** can lead to any RCE? I guess no.

you just seem quite obtuse by getting argumentative on an internet forum. its silly. He has a valid point. 10 users 3 roots in 2 hours and peopel were begging for hints at the 60 minute mark. You have a valid point that people will do what they want. - the example is asking people for hints ( mirrored as please stop resetting the box) the answer is try harder or any other response. (mirrored, i will reset the box if i want because it is my choice to do that).

Its a self licking icecream cone of internet tom-foolery

Spoiler Removed

how do i blindly enumerate the L**? seems like standard directories wont work…

@Zoinks sick spoilers bro

Type your comment> @Hyperspoke said:

@Zoinks sick spoilers bro

yeah… a bit too much spoilers…

Report it IMMEDIATLY!

Sorry bout that, tried to edit and replace characters with * but was already deleted

wait, they really deleted that? it said literally nothing!

Last login: Wed Jun 17 21:58:30 2020 from 10.10.14.2
root@tabby:~# id && hostname
uid=0(root) gid=0(root) groups=0(root)
tabby
root@tabby:~# 

Rooted, fun box.

Wow… Running out of ideas on this one! HTB easy boxes always surprise me LOL

I have l**, I have some users, I have another service running on another port.

The conventional attacks related to l** are not working…

I tried bruteforce with small wordlists, nothing. but, well … bruteforce is never intended so…

I must be forgetting something. Any good souls to give me a little push? :blush:

Type your comment> @ferreirasc said:

Wow… Running out of ideas on this one! HTB easy boxes always surprise me LOL

I have l**, I have some users, I have another service running on another port.

The conventional attacks related to l** are not working…

I tried bruteforce with small wordlists, nothing. but, well … bruteforce is never intended so…

I must be forgetting something. Any good souls to give me a little push? :blush:

In the same boat. Read extensively on certain documentation in hopes to leverage information. Nothing. Not sure where I can go from here…
Edit: A tiny nudge in the right direction wouldn’t go amiss. :>

Well I’m pretty well stumped. I’ve been unable to get even a user or exploit anything on this server.

L** is there - user guess is ok with 1000 under ***d - a, tried locating *-.xml but not able to find data for login … is it the correct path?

Type your comment> @x03 said:

L** is there - user guess is ok with 1000 under ***d - a, tried locating *-.xml but not able to find data for login … is it the correct path?

I am trying the same, so at least you’re not alone in your thinking.

Type your comment> @x03 said:

L** is there - user guess is ok with 1000 under ***d - a, tried locating *-.xml but not able to find data for login … is it the correct path?

same here. was able to get some information about the exact location of where it’s running from, but no success on the -.x*

Type your comment> @Dviros said:

Type your comment> @x03 said:

L** is there - user guess is ok with 1000 under ***d - a, tried locating *-.xml but not able to find data for login … is it the correct path?

same here. was able to get some information about the exact location of where it’s running from, but no success on the -.x*

finally got it. now i’m trying to start something but for now it fails

Finally moved past the part I was stuck on for ages, which most of you are/will be…
What you’re seeking isn’t in a well-known place…