TazWake
I am away until 23 Feb 2020. Don't expect a response before then.
About
- Username
- TazWake
- Joined
- Visits
- 2,001
- Last Active
- Roles
- Member
Comments
-
(Quote) There is a better thread for this discussion.
-
@nikostz said: (Quote) Scroll up. Literally the last 6 questions have been about this.
-
@turtleface said: (Quote) Yeah, I got that.
-
@turtleface said: (Quote) Is the empty file on the high port? Why not google the tool you use to access the port where the empty file is and how you can use it to recover what you are looking for? You are trying to find the information you need t…
-
@WarrenVos said: (Quote) You've misunderstood the hints. There isn't a standard way to "use curl to get X". What people have said, several times is enumerate the box. When you find what you need to use curl on, you will understand how to…
-
@DHIRAL said: (Quote) You need either that or J***
-
@turtleface said: (Quote) If you use the help tool in the client for that port, you can find a way to get all the info you need on the text file. Then google the tool you are using to connect & the way the data is stored in a stream. There is …
-
@mab said: (Quote) Are you sure about that? Did you find a way to make it appear in clear text? Or did you bruteforce it with a wordlist?
-
@Crni said: (Quote) Sure - have a read through this thread which basically provides a tutorial for this box. If there is something you dont understand or can't get working either ask here for veiled hints or drop me a DM.
-
@666Kuro666 said: (Quote) Happy to help but I am not sure what you are trying to do. Start with the begging of the key and go to the end. You can create your own to see what the layout should be.
-
@Hackalicious said: (Quote) Drop me a DM saying what you've tried and what is going wrong.
-
@paddanada said: (Quote) You approach is correct. Take all the information you have right now - domains, obvious passwords, guesses, accounts, etc., and use that as the password list to try. When you get it, you will realise you currently have the…
-
@FlatMarsSociet said: (Quote) You need to enumerate & explore the lower port fully first.
-
@febinrev said: (Quote) First off, try reading this https://forum.hackthebox.eu/discussion/2716/sauna#latest
-
@VbScrub said: (Quote) This is great - nice work.
-
@ivi174 said: (Quote) @ricanlinux said: (Quote) You can enumerate the homedirs on the file system without being in the user account.>
-
@FlatMarsSociet said: (Quote) Ok - that makes sense, but it isn't in any wordlists I can find on Kali or Seclists. Did people just brute force it with H****** ?
-
@littleheary said: (Quote) Try a different tool. The problem with "enum" type scripts is that they run a lot of things and if you dont fully understand what they are doing, the output can be a bit confusing/overwhelming/misleading. For …
-
@Hackalicious said: (Quote) You have the credentials you need to access the system. Try a tool which enumerates S**. C*********** works here.
-
@Zwm8e said: (Quote) https://forum.hackthebox.eu/discussion/comment/61221/#Comment_61221
-
@sudu123 said: (Quote) I didn't find it in any standard wordlists on Kali. I would be interested to know how people cracked it though.
-
@mayomacam said: (Quote) If you mean the remote code execution exploit, then you now need to use a combination of ls and cat to find something you can use to get a proper foothold as a user. If it is the user account, you need to search the box to…
-
NVM
-
@xmvrvg said: (Quote) Keeping it very generic, there is a cookbook which almost walks you through the steps you need here. You do need to make some tweaks but it is pretty much spot on.
-
@Y4m4t0 said: (Quote) As a general rule, run the plugins and analyse the data. Did you get it working following the instructions on the tool wiki page?
-
Anyone having issues building this?
-
@6062055 said: (Quote) Annoyingly it really is that obvious when you find it. All I can say is you might want to use CME rather than MSF and if you make a list of all the user accounts you can find and all the information you can find (domain name…
-
I know most people dont read back over the messages here but one very general tip: This box has a flow, there are things you need to do in a certain order. If you jump ahead, certainly if you have read something in the thread which seems worth tryi…
-
@100 said: (Quote) Bold statement. Are you sure it is impossible? Are you sure you are trying to connect in the correct manner and are you use they are the correct credentials. I've just checked and it is certainly possible to connect with them. …
-
I think the other user has to do it - I dont know if you can.
