Got a shell, but am now drawing a blank, since none of the scripts returned anything useful. Got a few passwords, but they don't work for the desired user.
Should I hunt for more creds (though I can't imagine where to find more), or am I on the wron…
Got the same, but am starting to think it is a rabbit hole. Though the other thing also looks like a rabbit hole. Damn, I dislike alleged "easy" boxes :D
Well, that's the other thing I foun…
So, I managed to get some data, and then some more.
I managed to generate a "definition" and the corresponding code from it. But whenever I try to send out simple stuff, I get back different exception responses from the box (with neither reall…
Can you connect to your netcat listener from your host system?
Maybe try opening the address+port in your browser `http://<ip-of-your-kali-vm-NOT-THE-VPN-ADDRESS>:9001/`
If that doesn’t work, check your Kali's firewall (iptables, nftables, wh…
From the descriptions I read in this thread, it's probably related to slow service start, combined with people resetting the machine due to the 502 :D
The service really takes its time to come up, and until then the upstream …
Rooted. What an awesome ride. Thank you @TazWake for the nudges along the way. I really need to dig deeper into Linux forensics.
Thank you @D4nch3n for a great box. Really loved it from start to finish :)
So, I'm pretty sure I know what to do to get from foothold to the next user, but without write-privileges to that certain folder, I have no idea how to achieve this. A certain config setting of the m**** service disallows reading from/writing to tha…
Have you tried using alternative parentheses? Like e.g. the UTF-8 full-width characters? Maybe the filter is somewhere in front and Jinja gracefully converts them back, for you.
It seems to me that the issue is of a different nature: There is enough time to do things manually, once the upload got deployed. But there seems to be quite a huge delay between upload and deployment.
With a recent upgrade on Kali, many Python2 packages have been removed (including pip2) and only a bare minimum of modules remained. In order to get pip2 back (it was removed from the repositories), download the tar arch…
D'oh. I was afraid someone came up with that :D
I see what you mean, here. Will try that. Thanks.
Good to know. Because on the other location it remained for quite some time.
Managed to grab some creds and also know how to get stuff into "the cloud" (used the API instead of the CLI, though). Just not sure how that links to the main page or how to get it executed over there :/
Anyone willing to spare a hint on h…
@sparkla Working at the customer's site is pretty much a must. You can usually negotiate the amount of traveling (e.g. 30% of your overall working time, or less or more), but that will affect your salary. It's not necessarily that the customer doesn'…
This depends on the actual engagement ;)
Sometimes, customers just want (to pay for) simple vulnerability scans. But most of the time, they prefer an actual penetration test which can still involve running Nessus agains…
As already mentioned elsewhere, I am a penetration tester (and forensicator) in Germany. First off: I obviously can't speak about salary, but I found the following (German) blog post quite accurate: https://www.prosec-networks.com/blog/d…