Skunkfoot

If you ask me for help, you better have a well thought-out question, and I expect to know what you've already tried. Don't waste my time making me ask you all of this stuff.

About

Username
Skunkfoot
Joined
Visits
294
Last Active
Roles
Member

Activity

  • sickwell

    hi! Could you please provide some hints regarding to vault enumeration?
    I'm perform following:
    1. dirb/dirbuster/gobuster enumeration with php,txt,conf,sh,html,doc extension allow me found only files /.htaaccess and /.htapasswd under 403 error and the directory */icons/.
    2. Also i tried to avoid waf config by adding in header Sparklays.com for brute dir's/files via burp.
    3. I checked nslookup for sparklays.com:
    Non-authoritative answer:
    Name: sparklays.com
    Address: 104.200.22.130
    Name: sparklays.com
    Address: 104.200.22.50
    Name: sparklays.com
    Address: 104.200.23.46
    Name: sparklays.com
    Address: 104.200.23.95
    Name: sparklays.com
    Address: 104.200.23.45
    Name: sparklays.com
    Address: 104.200.22.49

    and try to add it it some headers in request body (like x-forwarded-for header or other).

    What i'm missed?

    January 29
  • jesusabascal

    Hi I am working in Zipper machine, I have been trying exploits, hydra and investigate guess acces but I can continue. Can you give some hint to continue? Thanks!

    January 2
  • k3vwd

    Hi Skunkfoot,

    Your page three post was great, I'm still having trouble using the info I found here

    homeDirectory: /home/bob8791
    | loginShell: /bin/ksh
    | dn: uid=alice1978,ou=passwd,dc=hackthebox,dc=htb
    | uid: alice1978
    | cn: Alice
    | objectClass: account
    | objectClass: posixAccount
    | objectClass: top
    | objectClass: sambaSamAccount
    | userPassword: {BSDAUTH}alice1978
    | uidNumber: 5000
    | gidNumber: 5000
    | gecos: Alice
    | homeDirectory: /home/alice1978
    | loginShell: /bin/ksh
    | sambaSID: S-1-5-21-3933741069-3307154301-3557023464-1001
    | displayName: Alice
    etc ....

    I've been using smbclient to try to connect and ldapsearch to try to connect however I'm not getting anything. or a error

    [email protected]:~# ldapsearch -x -LLL -h 10.10.10.107 -D 'cn=Alice,dc=hackthebox,dc=htb' -w alice1978 -b 'dc=hackthebox,dc=htb' -s sub '(objectClass=*)' 'givenName=alice

    December 2018
Avatar

Howdy, Stranger!

Click here to create an account.