Dante Discussion

Type your comment> @Ectrix said:

Hello all. In need of some help escalating ws03. Got user and a shell but need some tips on how to progress. Thanks.

You can send me a PM if you are still stuck.

I’ve got the first 15 flags, and I just owned the machine that seems to be the intended pivot to the admin subnet based on a few hints lying around the machine, but it’s not a dual homed host or anything. I can’t ping machines in the admin subnet or load webpages in the browser from this machine. Is there more I need to do on this machine to get access to the second internal network?

Edit: Solved. Just wasn’t being stubborn enough. Thanks ST0wn.

Anyone able to lend a hand on the LFI? Not exactly sure how to get a shell from it, feel like I have tried absolutely everything and am down a rabbit hole

anyone having issues hitting the LFI? getting unable to connect

sorted, anyone give me a nudge on downloading a .zip

Type your comment> @browna351 said:

sorted, anyone give me a nudge on downloading a .zip

Maybe netcat.

Anyone able to give some hints for moving off the foothold machine? I’ve found a few things and got a few ideas but having trouble getting anything to work.

hello everyone, i feel like i’m running in circles enumerating the DC-01… i’m stuck on WS-01 and SQL-01 too, anyone has an idea on what to do?

Anyone out here who can help me out a bit on the initial foothold? Got first flag, know which user to target, got the text file, however, rockyou is not helping me out at all. Been stuck pretty long ;c

Type your comment> @Mayseve said:

Anyone out here who can help me out a bit on the initial foothold? Got first flag, know which user to target, got the text file, however, rockyou is not helping me out at all. Been stuck pretty long ;c

for a hint on foothold feel free to dm me

Anybody out there willing to give me a pointer on the foothold for DANTE-SQL1 or the box running Jenkins?

Type your comment> @f3eDme said:

hello everyone, i feel like i’m running in circles enumerating the DC-01… i’m stuck on WS-01 and SQL-01 too, anyone has an idea on what to do?

Edit: Got both DC-01 and WS-02 (mistyped the firt time) moving on to SQL-01

Anybody completed the Jenkins box? I have a hunch of what is required, however I’m not sure how to pull it off without a POC?

Have completed half the lab, so PM me if anyone needs pointers, and i may be able to help.

I’ve got everything but WS02. Based on the flag name and position in the list I have a hunch about what computer I might need to look at for a foothold on WS02, but I haven’t found a way yet. Would appreciate a hint…

Also willing to give hints on the other machines. Just PM me.

Edit: Finally got it. Thanks for feedback.

Got the 1st flag. Anyone can give me a nudge on the 2nd?I have an idea and I’m trying it, if not this, I don’t know. Can someone DM me a hint please? Thank you!

Guys, is the .100 w*******s pass changed? Cause I can’t login.

Just to give some hints like classic machine lab discussion:

Century box:

  • user: trust the information you have and persevere with your own content

  • root: enumeration scripts most likely give you the solution

  • Pivot: SSH and SOCKS are common tools to do this

Edit: Disregard! :smile: (Started the lab today. This was just a comment about filtered ports.)

Hi guys. I have been stuck at privesc on NIX02 from F to root for a few days now. I have identified that we must be talking about p***** lib**** h******** but I simply cannot make it work (seems like the way the script gets called does not execute the code?). I have watched all Ippsec’s videos about it and googled. Could someone please PM me a hint. Thanks

Just to give some hints like classic machine lab discussion:

NIX02:

  • user: somtimes read is more usefull than execute

  • root: read files again

Type your comment> @michael7474 said:

Just to give some hints like classic machine lab discussion:

NIX02:

  • user: somtimes read is more usefull than execute

  • root: read files again

You are right, thank you!