Official Tabby Discussion

If anyone needs hints, you can hit my inbox.

@nothades said:

Feeling pretty frustrated rn, spent a good amount of time getting a low level shell, and now I’m struggling to transfer the 161*****.zp file to my local machine. Can’t use SimpleHSeer, so I’m really not sure how I’m supposed to take a crack at it.

If anyone could give me a nudge or a PM I’d really appreciate it

Look at exactly which version of pyn is supported by the box and use the h***er syntax for that particular version.

@nothades said:

Feeling pretty frustrated rn, spent a good amount of time getting a low level shell, and now I’m struggling to transfer the 161*****.zp file to my local machine. Can’t use SimpleHSeer, so I’m really not sure how I’m supposed to take a crack at it.

If anyone could give me a nudge or a PM I’d really appreciate it

Try using nc instead.

Rooted. If anyone needs help, DM me.

huge shout-out to those dickless assholes who are removing my war file, ■■■■ you motherfuckers…you ain't gonna get anywhere while doing so!!
get your war file shoved up deep into your asses!!!

Rooted !

User and Root took me 1 hour. Foothold, days…! One big piece of advice is… install what you think you should install to replicate the environment. Just apt.

DM if you are stuck !

@NFire0111111 said:

Rooted !

User and Root took me 1 hour. Foothold, days…! One big piece of advice is… install what you think you should install to replicate the environment. Just apt.

DM if you are stuck !

Finally rooted.
Same advice for annoying initial foothold, just install it using apt on your local.
Thanks @AidynSkullz for the nudge.

Wow, finally rooted!

The initial foothold drove me up a wall lol

Can’t really say anything that hasn’t been said here.
PM for nudges

@nothades said:

Feeling pretty frustrated rn, spent a good amount of time getting a low level shell, and now I’m struggling to transfer the 161*****.zp file to my local machine. Can’t use SimpleHSeer, so I’m really not sure how I’m supposed to take a crack at it.

If anyone could give me a nudge or a PM I’d really appreciate it

scp is a great thing to learn to use! :slight_smile:

Just got root. This was harder than some medium rated machines (or maybe it's just me).
Feel free to PM for nudges.

rooted, took me about a week between user and root so hang in there! Happy to give nudges…

After bashing my head on a wall with the Travel box, this was a really nice one to work on. Foothold to Root after working on it for a few hours. Fun box!

OK… I literally wasted all day on the foothold for this box, even after I read the first few pages of this thread for hints… all the tips about “do more enumerating” did not help one bit. Even the pointers about the file location being written on the site somewhere didn’t help…

In the end, it was my browser that screwed me… so my nudge is… blank pages aren’t necessarily empty.

head-desk

Could anyone tell me how I can read the XML file to get credentials?

@unmesh836 said:

Could anyone tell me how I can read the XML file to get credentials?

Use a web browser and look at what it has sent you.

Rooted! If anyone needs help, just DM.
Also in Spanish :wink:

@TazWake said:

@unmesh836 said:

Could anyone tell me how I can read the XML file to get credentials?

Use a web browser and look at what it has sent you.

Maybe look at what it’s sent in Burp? I think some people have issues with looking in the browser?

Foothold: If you found the initial vuln, take a look at something on the other port and enumerate. In Kali you can find out the contents of the package to fuzz with apt-file. If you found creds, google what the roles you found give you; curl / httpie / ******-manager can help you exploit in this situation.

User: Take a look at some interesting file, you can bruteforce it. If it didn’t help you, think about how people are lazy.

Root: It is not necessary to use automatic scripts. Just enumerate manually. There is only one sploit for this misconfiguration in searchsploit :smile: Don’t overthink, try to find out more about what your user can do on the machine.

I found the T*****-.x with creds and could log into /H-M****** and am stuck there. People all say read and don’t skip over little details. I have read pretty thoroughly with no luck at this point. Nudges would be great. (Also have tried curl instead of using the browser to try and be creative, but unsure how that could even help me any further.)

@JitB said:

I found the T*****-.x with creds and could log into /H-M****** and am stuck there. People all say read and don’t skip over little details. I have read pretty thoroughly with no luck at this point. Nudges would be great. (Also have tried curl instead of using the browser to try and be creative, but unsure how that could even help me any further.)

This file contains roles besides login and password. Google what rights those roles give you.