I don't normally comment on boxes. This one actually represented the difficulty level in my opinion. As far as how real, it is very real if you're doing a pentest. Dumping GC and grepping for keywords is a very common way of finding interesting things ev…
I'm having a rough time putting all the pieces together to gain initial foothold. Found vulnerabilities in a few different places where I can read files. Found another that lets me "execute" files when something happens. Not sure how to go…
@aiak0s said:
> @kan3k1 said:
> And from Windows the same message...
Thinking like a pentester I ask myself whether I care if the program actually works or not. Why am I eve…
@VbScrub said:
I was in the same boat but between the batman video from IppSec and https://stackoverflow.com/questions/19631739/powershell-remoting-from-a-windows-service
I was able to get shell from the non-user user…
Best nmap can do is guess. The way it guesses is by the reply of the open ports and such. If there are not many open ports, or none, it won't tell you anything as far as OS goes.
You can try nmap -sT -O IPADDR
Sometimes the only clue you will have…
> @Tugzen said:
> I'm stuck on the user part. I am looking for the db via http://10.10.10.115/b**/_al/_search but I can't see anything important. How should I take user, with reverse txt or will get credentials from db from web search? Any nudge pleas…
Normally I'll redo a machine so I can grab snapshots of what I did. If you're trying to understand what you did and why it worked, that is also a good reason.
If you're just there for the flags then there is no reason to redo it.
@nemen said:
> Hi, user.txt taken. I went up as a user k ******. Now I don't know how to go on. Any small suggestions?
Enumerate what you have. Research what that user is for and the software as a whole.
Then when you …
@vGsec said:
> @fasetto said:
> @Xtrato Use quotes. curl 'url-here'
> I managed to get a shell once but right now the same command is doing nothing.
Try renaming it. Thing…
After getting a terminal:
python -c 'import pty; pty.spawn("/bin/bash")'
stty raw -echo
(In case of unknown terminal type try: linux)
Then fix up t…
@Tugzen said:
> Hi guys, I could get the user.txt
> But I couldn't crack the S*M file with John. I was just able to do it online via hashkiller. If someone can crack via John, please send me a PM. I really wonder what i…
Depends on how you learn. IppSec has a bunch of videos on YouTube. If you have a VIP then work on the archived boxes and watch the videos. Best way to learn in my opinion is just doing it.