Last Active


  • Anybody else getting Ldap Connection Failure.Try again with the IgnoreLdapCert option if using SecureLDAP or check your DomainController/LdapPort option ? Edit: Switched to from Sharp to Blood and it worked smoothly.
    in Forest Comment by Omnisec October 2019
  • The only issue in this box for me was trying the box on an offline Apache server due to which I wasted hours on being unable to exploit the vulnerability for getting shell. Rest of the box was quite easy. I suppose this is the easiest box in the cur…
  • Is metasploit's password.lst enough for c*****? I'm far far away from the nearest servers so bruteforcing is not so easy for me.
    in Wall Comment by Omnisec September 2019
  • One of the nicest machines I have seen yet even though I'm a newbie. Kudos to @dm0n and @Stylish for their work. I learnt a LOOOOT about things and that too in depth; especially since they didn't mean a thing :joy:
    in Falafel Comment by Omnisec April 2018
  • m->y. What could I possible be missing? Am I working in the wrong direction with the logs? Anyone care to discuss?
    in Falafel Comment by Omnisec April 2018
  • Running a privesc enum script would most probably shed an highlight on what you are looking for.
  • @davidlightman Even basic RCE is enough to complete this. However, it is also possible to do what you are trying to do. Feel free to PM. However, I think there is enough information here to solve. P.S. Works without globbing as well.
  • @FlapJack Combined all of this discussion is just a one big spoiler. Ummm I don't know if one could put anything else over here. Perhaps DM me if you are still stuck.
    in Sense Comment by Omnisec March 2018
  • If someone could PM with a nudge on how to utilize the found parameter? There is no apparent change in the output with the input I give except for those that are rejected by the WAF. Any help would be appreciated.
  • (Quote) You did all the right things and should have found the answer. PM if you want to be more specific. Shouldn't spill out the details here.
  • Issue with extracting mona.jpg. Says invalid compressed data to inflate .
  • (Quote) Hmmm... ever wondered if you already had the priv?
  • (Quote) Check DM
    in Sense Comment by Omnisec February 2018
  • I'm having an issue with formation of the payload. How to keep the payload under 730 bytes while avoiding the mentioned characters?
  • I'd like to intern with someone but I'm pretty active tho.
  • @r00tbeer said: (Quote) My problem is finding the relevant login. Oracle is not much of a problem for me. Need a push at that.
  • I'm not having a difficulty while "busting" the cookie. However, i do need a little bit of push regarding how to reach the administrator account?

Howdy, Stranger!

Click here to create an account.