Got creds, got s* access: I am able to Alert the web page - I can upload whatever I want and got this weird javascript shell running - But other than that, i’m pretty stuck. s* can communicate with the domain.
Once you’re able to run things on the web page - what’s next ? Printing an alert is cool and all but i’d want a user shell instead
I’m stuck trying to get foothold, I found the a******r b****t, I found its owner w*****e and the incorrect acl. Enumerating, I found s***l and h***th, I found the credentials (as anybody else in my position) and now I’m trying to find a place to use them, but with no luck. S*s and i*m services seems to both be disabled, and the h***th page confirms that. I tried anything, from vhosts to paths and files.
Finally rooted, for me user was the hardest part because I am not too familiar with *** and I didn’t know those services could run outside of the real A…Z infrastructure.
You need to get familiar with the famous command line tool that they use and, regarding what I just said, be aware of the flags to take into account where exactly is the stuff you are looking at. Use the help for this and read.
Once on the box this is more familiar territory which is why it was easier for me. A bit of enumeration should show you and application which you should look at as if it were an HTB challenge.
Trying to understand the service works and how it can communicate with the primary domain.
Is there any good documentation/reference I should be looking at for this? I don’t have a ton of experience on this side of things, and I’m trying to dig out what I can, but it’s been a struggle finding the right information.