TazWake

I am away until 23 Feb 2020. Don't expect a response before then.

About

Username: TazWake
Joined:
Visits: 2,001
Last Active:
Roles: Member

Comments

  • (Quote) There is a better thread for this discussion.
    in Sauna Comment by TazWake February 17
  • @nikostz said: (Quote) Scroll up. Literally the last 6 questions have been about this.
    in Nest Comment by TazWake February 17
  • @turtleface said: (Quote) Yeah, I got that.
    in Nest Comment by TazWake February 17
  • @turtleface said: (Quote) Is the empty file on the high port? Why not google the tool you use to access the port where the empty file is and how you can use it to recover what you are looking for? You are trying to find the information you need t…
    in Nest Comment by TazWake February 17
  • @WarrenVos said: (Quote) You've misunderstood the hints. There isn't a standard way to "use curl to get X". What people have said, several times, is enumerate the box. When you find what you need to use curl on, you will understand how to…
    in OpenAdmin Comment by TazWake February 17
  • @DHIRAL said: (Quote) You need either that or J***
    in Sauna Comment by TazWake February 17
  • @turtleface said: (Quote) If you use the help tool in the client for that port, you can find a way to get all the info you need on the text file. Then google the tool you are using to connect & the way the data is stored in a stream. There is …
    in Nest Comment by TazWake February 17
  • @mab said: (Quote) Are you sure about that? Did you find a way to make it appear in clear text? Or did you bruteforce it with a wordlist?
    in Sauna Comment by TazWake February 17
  • @Crni said: (Quote) Sure - have a read through this thread which basically provides a tutorial for this box. If there is something you don't understand or can't get working either ask here for veiled hints or drop me a DM.
    in OpenAdmin Comment by TazWake February 16
  • @666Kuro666 said: (Quote) Happy to help but I am not sure what you are trying to do. Start with the beginning of the key and go to the end. You can create your own to see what the layout should be.
    in OpenAdmin Comment by TazWake February 16
  • @Hackalicious said: (Quote) Drop me a DM saying what you've tried and what is going wrong.
  • @paddanada said: (Quote) Your approach is correct. Take all the information you have right now - domains, obvious passwords, guesses, accounts, etc., and use that as the password list to try. When you get it, you will realise you currently have the…
  • @FlatMarsSociet said: (Quote) You need to enumerate & explore the lower port fully first.
    in Nest Comment by TazWake February 16
  • @febinrev said: (Quote) First off, try reading this https://forum.hackthebox.eu/discussion/2716/sauna#latest
    in Sauna Comment by TazWake February 16
  • @VbScrub said: (Quote) This is great - nice work.
  • @ivi174 said: (Quote) @ricanlinux said: (Quote) You can enumerate the homedirs on the file system without being in the user account.
    in Traverxec Comment by TazWake February 16
  • @FlatMarsSociet said: (Quote) Ok - that makes sense, but it isn't in any wordlists I can find on Kali or Seclists. Did people just brute force it with H****** ?
    in OpenAdmin Comment by TazWake February 16
  • @littleheary said: (Quote) Try a different tool. The problem with "enum" type scripts is that they run a lot of things and if you don't fully understand what they are doing, the output can be a bit confusing/overwhelming/misleading. For …
  • @Hackalicious said: (Quote) You have the credentials you need to access the system. Try a tool which enumerates S**. C*********** works here.
  • @Zwm8e said: (Quote) https://forum.hackthebox.eu/discussion/comment/61221/#Comment_61221
    in Postman Comment by TazWake February 15
  • @sudu123 said: (Quote) I didn't find it in any standard wordlists on Kali. I would be interested to know how people cracked it though.
    in OpenAdmin Comment by TazWake February 15
  • @mayomacam said: (Quote) If you mean the remote code execution exploit, then you now need to use a combination of ls and cat to find something you can use to get a proper foothold as a user. If it is the user account, you need to search the box to…
    in OpenAdmin Comment by TazWake February 15
  • NVM
  • @xmvrvg said: (Quote) Keeping it very generic, there is a cookbook which almost walks you through the steps you need here. You do need to make some tweaks but it is pretty much spot on.
    in Postman Comment by TazWake February 14
  • @Y4m4t0 said: (Quote) As a general rule, run the plugins and analyse the data. Did you get it working following the instructions on the tool wiki page?
  • Anyone having issues building this?
  • @6062055 said: (Quote) Annoyingly it really is that obvious when you find it. All I can say is you might want to use CME rather than MSF and if you make a list of all the user accounts you can find and all the information you can find (domain name…
  • I know most people don't read back over the messages here but one very general tip: This box has a flow, there are things you need to do in a certain order. If you jump ahead, certainly if you have read something in the thread which seems worth tryi…
    in Nest Comment by TazWake February 14
  • @100 said: (Quote) Bold statement. Are you sure it is impossible? Are you sure you are trying to connect in the correct manner and are you sure they are the correct credentials? I've just checked and it is certainly possible to connect with them. …
    in Nest Comment by TazWake February 14
  • I think the other user has to do it - I don't know if you can.