HomeSen
About
- Username
- HomeSen
- Joined
- Visits
- 2,615
- Last Active
- Roles
- Member
Comments
-
Check the other port. It will allow you to "deliver" your payload.
-
@pagal said: (Quote) Check if the machine has been restarted. The service (and all the other services it depends on) takes its time to start. Otherwise, try resetting the box, and wait ~5-10 minutes.
-
@aimforthehead said: (Quote) Regarding the file: Just add a newline at the end, and you're good to go. "Newer" versions of the tool seem to choke on it, when there's no line-break at the end ^^
-
Can you provide some more context, please?
-
Usually, you should have cookies assigned to you that identify you to the webserver. So, you could simply use wfuzz -b cookie=value1 -b cookie2=value2 ... to test with your authenticated session.
-
Hi. You might want to follow along with the already existing thread: https://forum.hackthebox.eu/discussion/4103/official-luanne-discussion ;)
-
Got a shell, but am now drawing a blank, since none of the scripts returned anything useful. Got a few passwords, but they don't work for the desired user. Should I hunt for more creds (though I can't imagine where to find more), or am I on the wron…
-
@zweeden said: (Quote) Got the same, but am starting to think it is a rabbit hole. Though the other thing also looks like a rabbit hole. Damn, I dislike alleged "easy" boxes :D @RJGordon said: (Quote) Well, that's the other thing I foun…
-
I think I know what to do. But it seems like information about this specific attack path is rather sparse :(
-
@weeeeeeeeee said: (Quote) This is on purpose. I suggest taking a look at @TazWake's response, here: https://forum.hackthebox.eu/discussion/comment/87478/#Comment_87478
-
So, I managed to get some data, and then some more. I managed to generate a "definition" and the according code from it. But whenever I try to send out simple stuff, I get back different exception responses from the box (with neither reall…
-
Does anyone know, if and when a badge will be released for this machine? I mean, it went live almost 5 months ago :D
-
@krisp33 said: (Quote) When you can’t send it, try to rather pull it ;)
-
Can you connect to you netcat listener from your host system? Maybe try opening the address+port in your browser `http://<ip-of-your-kali-vm-NOT-THE-VPN-ADDRESS>:9001/` If that doesn’t work, check your Kali's firewall (iptables, nftables, wh…
-
Ah okay. Well, 30 minutes would be a tad bit too much, though. Maybe someone killed the service (or one of the dependencies) in the meantime. But yea, it sounds really odd.
-
@TazWake said: (Quote) From the descriptions I read in this thread, it's probably related to slow service start, combined with people resetting the machine due to the 502 :D The service really takes its time to come up, and until then the upstream …
-
Rooted. What an awesome ride. Thank you @TazWake for the nudges along the way. I really need to dig deeper into Linux forensics. Thank you @D4nch3n for a great box. Really loved it from start to finish :)
-
@TazWake said: (Quote) The vagueness was just right. Managed to grab user. Thanks :) And for the last step, I assume that something else was left behind, somewhere. Guess, I need to enum even more :/
-
Too bad. It was just an idea, since that's the most-capable deobfuscator for .NET
-
Thanks, @TazWake. Will look into the other stuff tomorrow. Now it's time for some overdue sleep :D
-
So, I'm pretty sure I know what to do to get from foothold to the next user, but without write-privileges to that certain folder, I have no idea how to achieve this. A certain config setting of the m**** service disallows reading from/writing to tha…
-
@AHam1lt0n , @bashsupremacy I sent you a PM. There are several publicly available scripts that work without MSF ;)
-
De4Dot has a .NET Reactor module. But not sure if it also works with version 6.3 https://github.com/de4dot/de4dot
-
Too bad. Just checked how Chrome would URL-encode those. Maybe try %EF%BC%88 and %EF%BC%89 for the opening and closing parentheses.
-
Have you tried using alternative parentheses? Like e.g. the UTF-8 full-width characters? Maybe the filter is somewhere in front and Jinja gracefully converts them back, for you. os.system('id') aka. os.system%uff08'id'%uff09
-
@TazWake said: (Quote) It seems to me that the issue is of a different nature: There is enough time to do things manually, once the upload got deployed. But there seems to be quite a huge delay between upload and deployment.
-
@ZanderMiller said: (Quote) With a recent upgrade on Kali, many Python2 packages have been removed (including pip2) and only a bare minimum of modules remained. In order to get pip2 back (it was removed from the repositories), download the tar arch…
-
@TazWake said: (Quote) D'oh. I was afraid someone came up with that :D (Quote) I see what you mean, here. Will try that. Thanks. (Quote) Good to know. Because on the other location it remained for quite some time.
-
Managed to grab some creds and also know how to get stuff into "the cloud" (used the API instead of the CLI, though). Just not sure how that links to the main page or how to get it executed over there :/ Anyone willing to spare a hint on h…
-
@sparkla Working at the customer's site is pretty much a must. You can usually negotiate the amount of traveling (e.g 30% of your overall working time, or less or more), but that will affect your salary. It's not necessarily that the customer doesn'…
