@moose said:
Having trouble connecting to the d***base. Have creds to view but not able to view the output in my shell. Any ideas?
You can actually use you present shell also just know the tables and boom you will get everything
Tried using the correct m**** syntax but it’s not showing any output in my shell. I’m using the mf***** shell if that matters.
I had the same problem. Don’t know why, mb it’s a spoiler, but sql commands are working, but doesn’t showed. Try to exit (exit; ?) after you put your commands, with the error you will see your commands and response
foothold: enumeration and cve
user: more enumeration (pay attention to whats running on the machine)
root: pretty straight forward (as @AbuQasem already said, a vulnerability that existed in prior versions can help you a lot…)
Hello, I have a connection with the machine, but it does not let me leave the container folder of the web, and when performing a reverse shelll it does not create the meterpreter session
command after having installed s*** and s***c***** on a normal kali machine. this creates a s*** from a directory. when installing a s***, it mounts it somewhere onto the file system, so i included set*** binaries in the s***. i don’t think this is the intended route, though.
I feel like there is a lot of help on this so far. The only thing that I would suggest is to not overthink it (I know I did).
Foothold: Easy to find from google
User: Basic enumeration. If you have worked with web applications in the past with login screens, you should know what you’re looking for. If you haven’t, do some searches about setting up things like wordpress or dvwa. You’ll see some information that will be useful in different files.
Root: This was the headache for me. I overthought this a lot and wasted some serious time. There are some great posts about doing this exploit, but you may need to change a few things up. It’s not about what you’re installing, but what you do while you’re installing
Hi, has anyone managed to set up the “crafter” on MacOS? I keep getting an error that multipass is not configured properly although I have installed it as well.
Hi, has anyone managed to set up the “crafter” on MacOS? I keep getting an error that multipass is not configured properly although I have installed it as well.
I’m bashing my head into a wall right now…
Got initial foothold under a*e using a popular framework. Cannot seem to connect to ml, even from the shell. Tried port forwarding and still no luck. BTW, I have the credentials to connect, but can’t seem to do so. Any help would be greatly appreciated.
EDIT: NM, hahahaha… found the alternative, and much simpler, method
To solve that machine enumeration is a key you already have everything infront of you…
Root part is pretty simple if u stay on the genuine approach…
You must find out a way to solve what you found…
I’m bashing my head into a wall right now…
Got initial foothold under a*e using a popular framework. Cannot seem to connect to ml, even from the shell. Tried port forwarding and still no luck. BTW, I have the credentials to connect, but can’t seem to do so. Any help would be greatly appreciated.
Same issue here - maybe it’s a rabithole, or wrong creds?
This box is both easy and hard. Easy to discover the entry points but requires some specific knowledge and toolsets to exploit.
SE Linux was a bit of a pain in the buttons at one point but nice to see it.
I’ll be very interested in seeing exactly how others rooted this one. Mine was ugly but worked. Will watch for walkthroughs.
I’ve found that in both htb I’ve done so far… Super easy to find the vector of attack but you need some specific knowledge. So you spend a day learning something that you never needed to use before. Not a bad experience but definitely can be frustrating.