@byd3fault said:
(Quote)
It's enumeration at its core. Find something, use it. Get stuff from the new thing. Turn the stuff into something you can read. Use it. Pay attention to all the hints you might have picked up along the way to build your own…
@headfox said:
(Quote)
Each box only has one external IP, so you need to point any domain names you want to use at that IP.
It's worth remembering that there isn't access to DNS, so if you want to visit example.htb on the HTB VPN, you need to tell …
So, I'd suggest:
* check the payload you have selected is correct. Running staged vs unstaged is one of the most common reasons for a session to fail
* something is missing in the configuration
* you've used the wrong IP address for LHOST
Failing …
@gh0stm5n said:
(Quote)
That is good to know. At the moment I am stuck trying to think ahead and work out what I want to do once I've worked out how to exploit the binary fully. Finding an executable "victim" to run it on is defeating me.…
What is the error message?
Are you running sudo before you try to open the OpenVPN (Kali 2020 has decided you need to run sudo a lot before you can do anything useful, when the old versions were a bit more permissive)?
@byd3fault said:
(Quote)
In general, HTB boxes have no internet access. They can't send traffic to internet resources.
(Quote)
Yes
(Quote)
Look closely at the options you have and what happens when you try them.
@typefreak2 said:
(Quote)
Look for places where a password might be defined. Think about what you attacked to get where you are. Remember password re-use is a thing.
@gh0stm5n said:
(Quote)
There are some on an online resource, but I don't know how useful it would be. I am not even sure how the binary would be used to privesc.
It is generally the oldest but not always - Rope2 was active for about 6 months while other boxes got retired.
As far as I can see, it is down to the balance of boxes between OSes etc. It is nearly always one of the four oldest boxes to go.
If you…
@all said:
(Quote)
Yeah it took me a while to come to terms with that. I feel I am close to a foothold now though. I just need to stop making syntax errors :grin:
@gh0stm5n said:
(Quote)
Thanks - I am pretty much in the 11th circle of hell trying with that right now. You have no idea the mistakes I've made getting to even this starting point :lol:
@Trist3 said:
(Quote)
So that explains why pinging 10.10.10.3 (Lame) resulted in 100% packet loss. You need to target 10.10.10.209 but make sure the Doctor machine is active first.
I get not many people have done this box - but can anyone confirm if I need to set up a local server to receive responses from the box on the higher of the open ports?