It's enumeration of what you know. Scripting is a plus.
I've got user but I'm a bit stuck. I read the script and I think I have ideas but I'm not able to pull anything off. Playing with python and dumped loads of info just not sure what's important…
Most of this just comes down to experience, repetition, and research.
At first you won't know what to do, but after time and persistence, researching things you don't know you'll learn about them. This will continue over and over and before you know…
When I first did this I think it gave me issues too.
I think it's a tweak on what they teach you I can't remember.
There is another post about this but check out https://github.com/ffuf/ffuf for more information on using FFUF.
I mean a quick and dirty is just to comment out the password part.
This is a very simple form of sql.
you could put the user example'--+- and not even need a password
there are many ways to comment out the line though so you have to play with it a…
Hey broski, hit up the link in my sig.
Tons of us willing to help you grow and a place to ask questions anytime.
This field is crazy. It's MASSSSSSSSIVE.
So much to learn and the more you learn the more you know you don't know shit!
It helps t…
Hey, thanks for that. The foothold tripped me up a bit but after I thought about what I knew and what you said it clicked.
Interesting little method you don't see often like that.
:) rock on
Type your comment> @acidbat said:
from cli tasklist will work too. Depending on what type of shell you have and have access too.
There are some pretty decent courses on Udemy that cover windows but if you're just starting out HTB / tryh…
This field is massive. Like... endlessly massive.
You pretty much can't learn it all. You can try for sure though.
I started about 1.5 years ago maybe more now, not sure. I can tell you this...
At first everything is exciting and new. You learn pre…
Bro ncat all the way.
--ssl and other things. I've bypassed a few shell restrictions using openssl to connect back to ncat or openssl.
You can make a freaking private chat room with the damn thing lol. The things it can do are the same as nc plus …
Tough damn box, got web user creds and can do some things... but.. clearly not doing the right thing.
Could someone give me a nudge please and thank you.
:P not looking for the answer btw, just a tipping tip :)
In the pdf they link to a couple places and on their forums you'll find some advice for others.
There are privesc check list and such.
I always recommend people newer to the game to focus more on the PDF/Videos and student labs > public labs. I…
Type your comment> @yurivich said:
The only section that is more serious on the requirements is the actual team.
We are striving to be a top tier team and to do that we are looking for serious people.
Those are pretty light requirements …
My advice for you guys trying to get foothold... if you get a 500 debug/dump screen... read all the way through it... lol don't be like me.
Wasted a hour until I noticed that ;) could have had it soooo much sooner.
Interesting box, rough for my sk…
I'm guessing you're running as root or sudo on the commands yeah?
Now, I've never used this but saw it on a stream the other day.
It does have a section about python2 so maybe if you can't get it to work n…