Andromalius

About

Username
Andromalius
Joined
Visits
24
Last Active
Roles
Member

Comments

  • @sesha569 My only advice is to read through the thread, and figure out how you could turn back time on a computer. Not too many options.
  • @NeilSec Having done the box, I'm going to assume they were talking about something different. If you don't know how they got on the box, my hint to you would be to enumerate more. You might find something useful you missed before.
  • @NeilSec So you haven't gotten on the machine, and you're wondering why you can't see the password backup people are talking about? ... Just saying
  • @NeilSec If you got user, you really shouldn't have any trouble finding it. Edit: Unless you mean for privesc, in which case the above hints should be more than sufficient with research or knowledge. (Time machine stuff)
  • @matikhalliqie I highly recommend figuring out what mistake you are making with the Metasploit module. If you have this much trouble with Jerry and can't fix it on your own, you're going to have a bad time here.
  • For any who have trouble extracting a zip file... If you're using the command unzip -P "***" you might get an 'incorrect password' even if you are right. Try just using unzip on the file, then enter the password at the prompt. Hope …
  • > @julietta said: > I have previously owned the user and submitted the hash. However now I try to login the same way the password no longer works? It kept saying Permission Denied.. Did someone change the password or something?? Very puzzled.…
  • @Reklaw, I answered that in the thread related to that box. Go back one page and read, or check my user profile for the comment history.
  • > @NovNovikov said: > I got user.txt, I am able to read files but no listing or shell yet, I've found some files for a service, running on different port, but all I get is - "invalid format" error, although i verified them, and they…
  • > @servetel10 said: > I am in that time machine file but dont know what to do next, please PM me If you have a command you don't know how to use, how do you learn? If you have actually found the time machine, I guarantee you can even f…
  • > @Chuspi1k said: > Hi, I enumerated box, I have a RCE and uploaded but ..... I can see it. Any friend can give a hint by pm? Thanks in advance If you upload code, but can't find it or execute it, that's not RCE... That's RCU (arbitrary …
  • Not loving this box. Finally got user, and that was just ridiculous for the difficulty. Too many times I would have the reverse ready, only to come back to a 500 or 404 page. Now I'm in, but have no clue where to start for root. Checked out files…
  • @federella You've done the right thing by finding a username... Perhaps you might enumerate a little more and find a password somewhere?
  • For any who have trouble extracting a zip file... If you're using the command unzip -P "***" you might get an 'incorrect password' even if you are right. Try just using unzip on the file, then enter the password at the prompt. Hope …
  • Anyone willing to PM? Got an alert box, and all the google in the world says that people stop at this point because it usually requires a user attack. Would love some more information on how I get from arbitrary JS execution to RCE.
  • @bradmn I honestly can't remember anymore, but I've gotten a few roots since then. Might have learned enough to see something I missed before. Looking forward to heading back tomorrow.
  • I have to say @lokori, I haven't done many machines but this has been one of my favorites. Really didn't see a way in, and reading through this thread forced me to do a lot of research. I now have plenty of resources that I'm sure will come in usef…
  • Going to have to shelf this one for now. Read through every post in this discussion and I'm still not entirely sure what I'm supposed to be looking for in these directories...
Avatar

Howdy, Stranger!

Click here to create an account.