Hi guys, can I PM anyone for sanity check… I think I am lacking a specific user… I hv got bunch of usernames and generated passwords …can help identify what I am missing.
The structure of the names and passwords matters.
Its also worth using a tool designed for the thing you are targeting.
OK so far I’ve tried not to follow the various hints that are currently being given but to
try first what i think might be the ‘reasonable’ exploit (line 26 in that same file that
the error is given us plus the “cleaning” method on the same file).
In addition, I’ve tried sending, just like @TazWake mentioned, a url with the phrases/words i do believe are relevant for all users (brrrrrrrrrrrrrr).
Other than then, I’m currently trying to see other path.
Does the 1st vector i’ve mentioned is the way here ? or the “spraying” ?
got user. took probably longer than it should have. spent more time social networking than i probably should have. tried to do some enumeration for privesc but a break is much needed. I assume it’s something with the files of the current user.
got user. took probably longer than it should have. spent more time social networking than i probably should have. tried to do some enumeration for privesc but a break is much needed. I assume it’s something with the files of the current user.
Enumeration is the key. Finding files used to record information is helpful. Also getting a good idea as to why the command options are so limited opens the door to work out an attack. (This seems vague but it is hard to explain without explaining, when you get root you will understand)
Managed to get the user h**h using r******r … accessed the box remotely using pwsh … but got stuck with JA tried many ways to breakout but nothing seems to work… a nudge towards right direction will really be appreciated.
Managed to get the user h**h using r******r … accessed the box remotely using pwsh … but got stuck with JA tried many ways to breakout but nothing seems to work… a nudge towards right direction will really be appreciated.
Abuse the service you are stuck with. Look at how it is configured, this will give some good ideas on what you can do to make it work for you.
Managed to get the user h**h using r******r … accessed the box remotely using pwsh … but got stuck with JA tried many ways to breakout but nothing seems to work… a nudge towards right direction will really be appreciated.
Abuse the service you are stuck with. Look at how it is configured, this will give some good ideas on what you can do to make it work for you.
Thanks for the response… mmh… didn’t look at it in that perspective, all this time I’ve been trying to break out of it… any link you can share that I can have a look at? Please DM if you have one or share it here if that’s not considered as a spoiler so that it can help anyone else in the same boat as me
Thanks for the response… mmh… didn’t look at it in that perspective, all this time I’ve been trying to break out of it… any link you can share that I can have a look at? Please DM if you have one or share it here if that’s not considered as a spoiler so that it can help anyone else in the same boat as me
I cant really think of anything specific - the Microsoft documentation on this is quite useful though.
After finally reaching out, and even get a response via PM, it all of a sudden decided to ping back
Thank you @acidbat and @TazWake for offering to help. It’s, as always, much appreciated
After finally reaching out, and even get a response via PM, it all of a sudden decided to ping back
Thank you @acidbat and @TazWake for offering to help. It’s, as always, much appreciated
Nice one - the box is a touch unstable to say the least.
After finally reaching out, and even get a response via PM, it all of a sudden decided to ping back
Thank you @acidbat and @TazWake for offering to help. It’s, as always, much appreciated