C3PJoe

About

Username
C3PJoe
Joined
Visits
211
Last Active
Roles
Member

Comments

  • Scored root on Bastion. If anyone needs a nudge, PM me. Hint: Enumerate, Enumerate, enumerate. See which users are on the box, what is installed, and what is running. Go snooping from here.
    in Bastion Comment by C3PJoe September 2019
  • @Azeroth, you won't find it there. There is another couple of steps before you get there.
    in Bastion Comment by C3PJoe September 2019
  • @1337mm look at my comment above.
    in Heist Comment by C3PJoe September 2019
  • Finally got root. Hints: User: enumerate, enumerate, enumerate crack what you enumerate enumerate some more Look beyond what you think is normal play with the rubies Root: Think a little forensically Grep and Strings are your friend Don't we alway…
    in Heist Comment by C3PJoe September 2019
  • Worked out the kink, thanks!
  • I always get this error: ruby evil-winrm.rb -i 10.10.10.x -u -p Info: Starting Evil-WinRM shell v1.6 Info: Establishing connection to remote endpoint Error: Can't establish connection. Check connection params Error: Exiting with code 1
  • Thanks @dee33 !
    in Heist Comment by C3PJoe September 2019
  • I tried e-w**** and the ruby script. E-W**** doesn't work per other comments and the ruby script throws a boatload of errors. Can someone help?
    in Heist Comment by C3PJoe September 2019
  • I need help. I have ran one exploit and gained access to the web portal. I think I know what needs to be done but they are not working. I have researched a few vulnerabilities but their dependencies are not installed.
  • I think I know what I need to do to get initial access, but it doesn't seem to be working. Can someone DM me for a nudge?
    in Networked Comment by C3PJoe August 2019
  • Could I get a nudge? I think I have enumerated most everything. I am missing something.
    in Luke Comment by C3PJoe June 2019
  • I have identified the CMS. I have tested a few things from exploit-db and (regretfully) metasploit but it doesn't seem to work. Can someone DM me with a nudge?
  • I have user. I have enumerated some processes running as root and have a theory to get to root, but my ideas haven't translated to any pwnage. Can someone DM me a nudge?
    in Irked Comment by C3PJoe March 2019
  • I have gotten user. I think I know a path to root, but I am having trouble logging in. Can some DM me with a nudge?
    in Netmon Comment by C3PJoe March 2019
  • I have logged in. I found the thing that shows where things run. I am drawing blank on what to do next. Can someone PM me with a nudge?
    in Carrier Comment by C3PJoe March 2019
  • @rantrel make sure to meet up with Adrian Crenshaw (IronGeek). He is a mead aficionado.
  • Rooted. I made it way harder than it really is.
  • (Quote) You may have luck with reading up on the un-(incorrect spelling of breakfast food commonly put in a bowl with milk) bug.
  • I have gained access to the portal. I am struggling to get a shell of any kind. Can someone please DM me to help me work through it?
    in Hawk Comment by C3PJoe July 2018
  • (Quote) Check Github for relevant tools to help you.
    in Hawk Comment by C3PJoe July 2018
  • I have the .enc file. I have tried using a tool from Github (based on error output) to no avail. Can someone PM me to discuss the tool and where I am going wrong?
    in Hawk Comment by C3PJoe July 2018
  • @laylow That part is frustrating. You only have about a 30 second window to get in before it gets overwritten. This box is best attempted in the middle of the day when people are at work.
    in Bounty Comment by C3PJoe July 2018
  • I have the CVE exploit uploaded and in place. I cannot figure out how to leverage it for System owning. Can anyone DM me with a hint please?
    in Bounty Comment by C3PJoe July 2018
  • Can someone please PM me and help with my vnc syntax?
    in Poison Comment by C3PJoe July 2018
  • Dumped the processes, dumped the memory, searched the strings, found the links, still no luck. Any help?
    in Reminiscent Comment by C3PJoe July 2018
  • I have the files organized in Linux. I have tried spelling the challenge name and converting from hex to ASCII. No bueno. Any nudges?
    in misDIRection Comment by C3PJoe July 2018
  • @WickedClownUK I will be attending BSides LV and DEF CON. I am speaking at BSides and will be competing in the Social Engineering Capture the Flag (SECTF) on Saturday.
  • @magnus, John and fcrack are useless here. Start with strings or xxd then use that hint and refer to the challenge name.
  • Way easier than it seems. Keep the file type in mind and search online.
  • (Quote) I always liked watching him take a bite out of crime!
    in Jerry Comment by C3PJoe July 2018
Avatar

Howdy, Stranger!

Click here to create an account.