I successfully implemented a cookie stealer utilizing hashtag.php. So far, only snarfed my own cookie. The only place I can even get an href to render properly is my profile website. I donāt think this is a spoiler because it helps with absolutely nothing, more like a ādonāt waste your timeā spoiler.
Type your comment> @Zot said:
I successfully implemented a cookie stealer utilizing hashtag.php. So far, only snarfed my own cookie. The only place I can even get an href to render properly is my profile website. I donāt think this is a spoiler because it helps with absolutely nothing, more like a ādonāt waste your timeā spoiler.
For get a cookie just go on inspection browser and then on console and write āwindow.cookieā or tab storage cookie
wellā¦ now that i have creds, i feel even more lost than before.
Wtf winrm? rabbit hole? I have valid credentials :neutral:
Type your comment> @zer0bubble said:
wellā¦ now that i have creds, i feel even more lost than before.
As in you made yourself an account, or found some somewhere?
Edit: I donāt speak this language. I donāt think I need an exploit, per se.
Edit: If anyone is on here that has gotten a foothold, am I supposed to chase the ābadā exploit, or am I way off base?
enter in the wastant messenger so what to do now!! tried everything to get the shell!!
bot no use!!
Got creds to something (not the social media site), and I think I know what Iām supposed to do, but everything Iāve tried so far hasnāt worked. And Iām about to throw in the towel.
Finaly got user pff! @S1ckB0y tnx for the headsup when i was stuck.
is something broken, I can log into (not social site) but am greeted with an error.
Type your comment> @luca76 said:
Type your comment> @Zot said:
I successfully implemented a cookie stealer utilizing hashtag.php. So far, only snarfed my own cookie. The only place I can even get an href to render properly is my profile website. I donāt think this is a spoiler because it helps with absolutely nothing, more like a ādonāt waste your timeā spoiler.
For get a cookie just go on inspection browser and then on console and write āwindow.cookieā or tab storage cookie
No luca, I wasnāt trying to get my cookie, I was trying to steal whoever was in charge of the support boxes cookie. Itās all good, I got user now. To anyone reading this, FORGET ABOUT COOKIES! (like Luca said)
Type your comment> @Zot said:
Type your comment> @luca76 said:
(Quote)
No luca, I wasnāt trying to get my cookie, I was trying to steal whoever was in charge of the support boxes cookie. Itās all good, I got user now. To anyone reading this, FORGET ABOUT COOKIES! (like Luca said)
I have the user too, and I have a shell, but itās not easy anyway, in fact I would say that now the road is uphill for me, Iām not good with P **** s *** l
managed to read the root.txt but didnt get a root shell. Anyone who managed to get a rootshell?
Iāve been in a shell for two days without being able to do ā ā ā ā , but what fucking witchcraft is this?
rooted without root shell. I donāt think this box could pop root shell, since weāre limited function
Interesting, I have a fully functional user shell but not super clear atm where to go next.
Type your comment> @luca76 said:
Type your comment> @Zot said:
Type your comment> @luca76 said:
(Quote)
No luca, I wasnāt trying to get my cookie, I was trying to steal whoever was in charge of the support boxes cookie. Itās all good, I got user now. To anyone reading this, FORGET ABOUT COOKIES! (like Luca said)I have the user too, and I have a shell, but itās not easy anyway, in fact I would say that now the road is uphill for me, Iām not good with P **** s *** l
Iāve never used theā¦ restricted environment (if youāve made it to that user, which you probably have). So this is just going to be a lesson for me. As soon as I got user level access I busted out meterpreter. So navigating the system has been a breeze, but yeah, gotta study the docs for je******** you know.
Reel2 ā¦ i got root!! Insane and crazy box
Type your comment> @CyberVaca said:
Wtf winrm? rabbit hole? I have valid credentials :neutral:
yeahā¦ I am getting the same here.
Got 2nd user creds but winrm is not playing the gameā¦ what am I missing?
Type your comment> @acidbat said:
Type your comment> @CyberVaca said:
Wtf winrm? rabbit hole? I have valid credentials :neutral:
yeahā¦ I am getting the same here.
Got 2nd user creds but winrm is not playing the gameā¦ what am I missing?
Ok got passed that part (yay)
Next hurdle ā¦ :neutral: , challenge