login successful in 8080 use p#p# creds
stop here, can’t go forward…
Does anyone find an article about p#p# misconfiguration or exploits??,
Need some hints, no spoilers
please DM me!!!
thank you!
Everything is classic here and I loved. In other time this kind of boxes would be hard I think
User: just follow the name of the box. At this part I don’t know why the box show me that the classic vuln is not there. When you enumerate and get the list of users, may you will need create a script. I don’t know why the classic tools didn’t work just for do it with bash script
When you get response, enumerate all and try to get into all service. Again start from the beginning when you get all that you need.
When you get shell, enumerate and Google FU package like others said
Root: Again is classic but fantastic. This part remember me Canape style
Gracias @sulcud Esta maquina estuvo Genial y es mas de lo que necesitamos en esta plataforma (en mi opinion)
Would love a DM nudge if anyone had time. I have found a way to send items from a low numbered port, and I have a list of recipients… but have not done this before and don’t know what to send or what/how to listen for! Would appreciate a nudge, or a pointed article/blog maybe…
Thanks @sulcud I enjoyed this box after initial frustrations with the foothold! Had a bit of a battle with the last step before getting user but simplifying what I was doing helped.
If you need a hand you can DM what you’ve tried and what you’re struggling with and I’ll try and nudge.
Could use a nudge for foothold. User s**p_enum for some users, but they all look really standard, and uncertain of how to use them. Tried sending them an email with a payload, but i obviously couldnt without having a mailserver
I got stuck. I have accessed **** mailbox, those credentials work for f** but not for p*** on 8080. I didn’t find anything useful at all in f**.
So far, great machine anyway.
EDIT:
Thanks to @choupit0 for getting me out of the rabbit hole. Rooted.
Thanks to @sulcud , the machine frustrated me a lot, but it was really fun and I enjoyed it a lot! The foothold was very original!
Can I get a DM nudge? Have email addresses, sent email with payload, tried hydra, and just can’t seem to find how to get creds and access mailboxes. What vector am I missing?