Official Armageddon Discussion

Type your comment> @1z3n said:

Type your comment> @SlaCk3rxD said:

hi senpai, tried common ports like 20, 21, 22, 23, 25, 80, 110, 143, 443
but i just couldnt get a reverse shell . any hint please.

on the foothold. all you need is a simple enum. take a look at versions. ?

Hello, yeah i have gotten the web application and the version. Google given me couple of CVE that seems to be able to edit alittle for a reverse shell on the vulnerable site. but some reason i just couldnt get my shell =(

Type your comment> @SlaCk3rxD said:

Type your comment> @1z3n said:

(Quote)
Hello, yeah i have gotten the web application and the version. Google given me couple of CVE that seems to be able to edit alittle for a reverse shell on the vulnerable site. but some reason i just couldnt get my shell =(

Try metasploit ?

hey, I’m new to ethical hacking and pentesting and literally cant find anything to get user, could someone help me / give me a hint? would be very appreciated :slight_smile: thanks in advance

Type your comment> @sebba said:

How can i root if my cpu doesn’t support nested virtualization?

Believe me, this is not necessary at all.

Type your comment> @Muzec said:

Type your comment> @SlaCk3rxD said:

Type your comment> @1z3n said:

(Quote)
Hello, yeah i have gotten the web application and the version. Google given me couple of CVE that seems to be able to edit alittle for a reverse shell on the vulnerable site. but some reason i just couldnt get my shell =(

Try metasploit ?

Heh. nevermind. i got it. finally one source from github works.

Greetings to All,

I’ve managed to execute remote command but enable to get shell on server even tried wget or curl but file not created via those cmd. any hint ?

Type your comment> @scorpoin said:

Greetings to All,

I’ve managed to execute remote command but enable to get shell on server even tried wget or curl but file not created via those cmd. any hint?

There is an exploit in a famous framework called msc**e

Type your comment> @Muzec said:

@moose said:
Having trouble connecting to the d***base. Have creds to view but not able to view the output in my shell. Any ideas?

You can actually use you present shell also just know the tables and boom you will get everything

Tried using the correct m**** syntax but it’s not showing any output in my shell. I’m using the mf***** shell if that matters.

Type your comment> @moose said:

Type your comment> @Muzec said:

@moose said:
Having trouble connecting to the d***base. Have creds to view but not able to view the output in my shell. Any ideas?

You can actually use you present shell also just know the tables and boom you will get everything

Tried using the correct m**** syntax but it’s not showing any output in my shell. I’m using the mf***** shell if that matters.

Yes I was confused about that too but it works just put in the commands.

Type your comment> @moose said:

Type your comment> @Muzec said:

@moose said:
Having trouble connecting to the d***base. Have creds to view but not able to view the output in my shell. Any ideas?

You can actually use you present shell also just know the tables and boom you will get everything

Tried using the correct m**** syntax but it’s not showing any output in my shell. I’m using the mf***** shell if that matters.

I had the same problem. Don’t know why, mb it’s a spoiler, but sql commands are working, but doesn’t showed. Try to exit (exit; ?) after you put your commands, with the error you will see your commands and response

Type your comment> @aksofar said:

Type your comment> @moose said:

Type your comment> @Muzec said:

@moose said:
Having trouble connecting to the d***base. Have creds to view but not able to view the output in my shell. Any ideas?

You can actually use you present shell also just know the tables and boom you will get everything

Tried using the correct m**** syntax but it’s not showing any output in my shell. I’m using the mf***** shell if that matters.

Yes I was confused about that too but it works just put in the commands.

Can you pm me how you were able to view the output? It appears my syntax is working but I can’t see any of the output.

Type your comment> @moose said:

Type your comment> @aksofar said:

Type your comment> @moose said:

Type your comment> @Muzec said:

@moose said:
Having trouble connecting to the d***base. Have creds to view but not able to view the output in my shell. Any ideas?

You can actually use you present shell also just know the tables and boom you will get everything

Tried using the correct m**** syntax but it’s not showing any output in my shell. I’m using the mf***** shell if that matters.

Yes I was confused about that too but it works just put in the commands.

Can you pm me how you were able to view the output? It appears my syntax is working but I can’t see any of the output.

Figured out. Thanks :slight_smile: if anyone needs any help, let me know.

@menkar411 said:
Type your comment> @moose said:

Type your comment> @Muzec said:

@moose said:
Having trouble connecting to the d***base. Have creds to view but not able to view the output in my shell. Any ideas?

You can actually use you present shell also just know the tables and boom you will get everything

Tried using the correct m**** syntax but it’s not showing any output in my shell. I’m using the mf***** shell if that matters.

I had the same problem. Don’t know why, mb it’s a spoiler, but sql commands are working, but doesn’t showed. Try to exit (exit; ?) after you put your commands, with the error you will see your commands and response

Thanks! :slight_smile:

i found exploit for the machine for initial foot hold and it say target is vulnerable but cant able to generate a reverse_shell or session…any help

foothold: enumeration and cve
user: more enumeration (pay attention to whats running on the machine)
root: pretty straight forward (as @AbuQasem already said, a vulnerability that existed in prior versions can help you a lot…)

A> @DK9510 said:

i found exploit for the machine for initial foot hold and it say target is vulnerable but cant able to generate a reverse_shell or session…any help

I sometimes get caught out by a certain tool not detecting the correct local IP to use, or not remembering to open up the right port on my firewall.

Hello, I have a connection with the machine, but it does not let me leave the container folder of the web, and when performing a reverse shelll it does not create the meterpreter session

i was able to use

s***c**** pack xxxx

command after having installed s*** and s***c***** on a normal kali machine. this creates a s*** from a directory. when installing a s***, it mounts it somewhere onto the file system, so i included set*** binaries in the s***. i don’t think this is the intended route, though.

I feel like there is a lot of help on this so far. The only thing that I would suggest is to not overthink it (I know I did).

Foothold: Easy to find from google
User: Basic enumeration. If you have worked with web applications in the past with login screens, you should know what you’re looking for. If you haven’t, do some searches about setting up things like wordpress or dvwa. You’ll see some information that will be useful in different files.
Root: This was the headache for me. I overthought this a lot and wasted some serious time. There are some great posts about doing this exploit, but you may need to change a few things up. It’s not about what you’re installing, but what you do while you’re installing :wink:

yay finally gotten user but root i do not have a clue… finally that “s***” came into my mind. lol. let’s see how to work that “snap”