Dante Discussion

Hi guys.

I managed to pwn dc01 and to log into RP as kaa then I found an interesting file called ee_b****p.xlsx

Now I tried more ideas that did not work.

Any advice?

In the first network I pwned all boxes except WS02 SQL01 and J**K**** ones and I did not find a way to pivot until now.

Thanks

Anyone been able to escalate on DANTE-WEB-WS03? I’m working on the exploit, get a connection, but it immediately closes. Any advice would be much appreciated!!

Hello all, I was wondering if anyone could give me a nudge on the .100 Box. I’ve already run Nmap -D and I think I’ve gotten all I can get service-wise… I’m not very experienced with this, so any advice and/or help would be greatly appreciated.

@lhh4sa said:

Anyone been able to escalate on DANTE-WEB-WS03? I’m working on the exploit, get a connection, but it immediately closes. Any advice would be much appreciated!!

Pm man

Flag one from sheer dumb luck. Just goofing off pinging random stuff while my scans ran and boom.

I know I’m not going crazy, but did something change over the network? Yesterday morning the .100 host had 3 open ports and last night all of them are filtered suddenly…

Hi, anybody offer some help on .13 initial shell? Think I have found the entry point but not getting any closer. Thanks

@LostatSea said:

I know I’m not going crazy, but did something change over the network? Yesterday morning the .100 host had 3 open ports and last night all of them are filtered suddenly…

Happened to me a couple times. One time was because lab was being redeployed. I waited a few minutes and reran nmap. But it was different this morning, it just wasn’t working. I switched to a different GEO (from EU to US) and it worked!

Oh my stars! I must be missing something on the dot century box. Feel I have done cubic ■■■■ loads of enum, but nothing bites (dir finders, nikto scans and its “specialized” cousin, ). Found a page in someone’s notepad with interesante info, including one who may have less than stellar security performance. Can’t seem to capitalize on that through any of the services. Can only seem to access the first one disallowed, enuming the second has brought nothing to visit so far. The second seems peculiar, however. Missing a char the other has. Can someone send a nudge of what I am missing?

Finally got somewhere!

Hello, is there someone I can PM,

I am extremely new to this,

I am at the starting point,
@Foothold, I cannot proceed further, some help would be greatly appreciated
Thanks a lot
Ati

Hi.
I managed to pwn all hosts but I miss ws02, I feel stuck I can’t find a way to get into.

I tried all credentials that I collected on each service and I did not find CVEs or similar, any help?

I missed these flags:
Update the policy!
Single or double quotes

Update the policy makes me think that I should exploit some information that I should already have but I have no success :confused:

Kind of hit a wall in terms of moving around. Only hosts I have left inside the first network are NIX07, WS02, DC01, SQL01 and FW01. Any advice as to how to pivot to these hosts would be greatly appreciated.

Looking for some help on getting a shell for WS-01. Have creds for admin and John but kinda lost on what to do now. Got some simple XSS working but would like to ask more questions if anyone is available for more in-depth questions?

@lhh4sa said:

Kind of hit a wall in terms of moving around. Only hosts I have left inside the first network are NIX07, WS02, DC01, SQL01 and FW01. Any advice as to how to pivot to these hosts would be greatly appreciated.

I am in the same spot and situation, except that I have pwned DC01 also. I am also under the understanding that FW01 is out of scope.

@m1ddl3w4r3 said:
Looking for some help on getting a shell for WS-03. Have creds for admin and John but kinda lost on what to do now. Got some things working but would like to ask more questions if anyone is available for more in-depth questions?

You can PM me.

@stunn4 said:

Hi.
I managed to pwn all hosts but I miss ws02, I feel stuck I can’t find a way to get into.

I tried all credentials that I collected on each service and I did not find CVEs or similar, any help?

I missed these flags:
Update the policy!
Single or double quotes

Update the policy makes me think that I should exploit some information that I should already have but I have no success :confused:

I missed these flags as well - I would be very happy if somebody could point out where these flags are hidden (via PM). :smile: Thank you.

Hello,

Having a bit of trouble getting my foot into this one.
I know what account I should be targeting and tried some common wordlists on all 3 ports.
I was going to try rockyou, but I had a feeling that I shouldn’t need such a large wordlist for this machine.

Would anyone be willing to give any pointers? I would really appreciate it.

Anyone have any tips for a foothold in dante-nix03 or dante-nix07? I have creds for Webmin on nix03, but login is not working. Also on nix07 I do not get further than finding out about Jenkins port.

@sT0wn said:

Anyone have any tips for a foothold in dante-nix03 or dante-nix07? I have creds for Webmin on nix03, but login is not working. Also on nix07 I do not get further than finding out about Jenkins port.

Remember there are a few boxes that have dependencies on others. It could be one of those boxes does not have a path until you make progress elsewhere.

For Webmin, careful analysis should give you working creds for the login.

Feel free to DM.

Could anyone give me a nudge on where to go for the NIX01 flag? I’m new to this and have used every enumeration script I have but don’t see any way to proceed past the 2 users. Thanks.

Hi, you can PM me about this…

@FullHorse17 said:
Could anyone give me a nudge on where to go for the NIX01 flag? I’m new to this and have used every enumeration script I have but don’t see any way to proceed past the 2 users. Thanks.