avoidy

About

Username
avoidy
Joined
Visits
102
Last Active
Roles
Member

Comments

  • Type your comment> @l30n said: (Quote) You can shoot me a PM, make sure to include everything you tried. I need some help with the web-panel login, I do have all users & passwords enumerated. I also do have four login endpoints. I literally…
    in Luke Comment by avoidy August 2019
  • Nice box, user was really fun in my opinion. Root was very easy you just have to enumerate and put the pieces together. Small tip for user: Read the sources and gain an understanding how the upload process works.
  • (Quote) What are some common usernames for web interfaces?
    in Carrier Comment by avoidy November 2018
  • And rooted! - What a fun box, I really liked the whole jumping hosts part. The only downsite: As this is a new machine, so many people mess with things, or even do destructive things like nuking the home directory and so forth...I think it is time f…
    in Vault Comment by avoidy November 2018
  • Got user, looks like my tunnel did not work for whatever reason, maybe the box was overloaded, but it does now. Onto root! Thanks @Skunkfoot
    in Vault Comment by avoidy November 2018
  • (Quote) Nope, but I guess I need to do some tunneling to access said "configuration tester"? Nevertheless, I will look into it.
    in Vault Comment by avoidy November 2018
  • Hm, any hints for lateral movement? Got a shell as d**e, I found some creds aswell, got some interesting ips, yet I am not quite sure how to access those and the password I found does not work with the "DNS + Configurator" server. Did …
    in Vault Comment by avoidy November 2018
  • (Quote) Hmm, I am in the same boat as you. The only 200 that came back was for index.php...
    in Vault Comment by avoidy November 2018
  • (Quote) Sure, send me a message.
    in Zipper Comment by avoidy November 2018
  • (Quote) OK... That is a private subnet, so no it is not a public facing admin panel! Have you checked your routes, or your local subnet? - I think its your wireless residential gateway or access point.
    in Curling Comment by avoidy November 2018
  • (Quote) Take a look at your file, all you need should be in there.
  • (Quote) Spoiler Removed - Arrexel (Quote) If you are on free, perhaps because people keep messing with it.
    in Zipper Comment by avoidy November 2018
  • (Quote) Look at the source, from there figure out what file it calls and with what parameters.
  • Edit: Got the pass, now its time to look where to use it..
    in Frolic Comment by avoidy November 2018
  • (Quote) Try fiddeling with the hostid parameter (you can get it via that lower interface). Alternatively I think theres a flag like execute_on.
    in Zipper Comment by avoidy November 2018
  • (Quote) One of the passwords should be valid. Hint: Take a look from which folder you pulled it.
    in Access Comment by avoidy November 2018
  • That is the intended way, people seem to open up the GUI via config, eventhough there is no need. Think on a lower level!
    in Zipper Comment by avoidy November 2018
  • (Quote) The only hint I can give to both of you is: Users are lazy and apparently really hate retyping their passwords or in this case, the admin! :smile:
    in Access Comment by avoidy October 2018
  • Take a look at the guest interface, it is basically all you need. Re-read this thread, some great advice in here. (As always! :smiley:) Recently found the user.txt, now going for root! edit: got root!
    in Zipper Comment by avoidy October 2018
  • (Quote) I personally used hashcat, but according to the previous replies here JTR (the community enhanced edition) should work. I******t should have a tool that helps with that. There is a commandline flag to directly export a usable hash for said c…
  • 7za x myfile.z** If I remember correctly its due to the zip file being encrypted with aes so you get an invalid sequence with z**. For the p** file, depends on your system, if on windows simply import or open in outlook. If on a linux OS then in…
    in Access Comment by avoidy October 2018
  • (Quote) If I recall, I did not have to crack the password, it was obtained via another file.
    in Access Comment by avoidy October 2018
  • Got user, onto root! edit: rooted, what a fun box!
    in Hawk Comment by avoidy October 2018
  • Finally root, had to fight a bit with the format of the hash, but got it in the end.
  • Got user and now onto root. Thanks @lemarkus
  • Phew, one of my first windows boxes, got root and user fairly straightforward!
    in Access Comment by avoidy October 2018
  • edit: Got user, thanks for any hints! :) Root was way easier than user, imo.
    in Curling Comment by avoidy October 2018
  • (Quote) Work out how fileRead works and dont focus so much on the user.txt, instead take a very good look at the users directory, everything you need is in it. edit: Finally got root, great box!
  • (Quote) Enumerate more, there is a file in the home directory that sticks out like a sore thumb. Also try reading this thread over and over again, some great advice in here.
Avatar

Howdy, Stranger!

Click here to create an account.