darthgucci

About

Username
darthgucci
Joined
Visits
40
Last Active
Roles
Member

Comments

  • (Quote) In order to interact and get root you need a TTY shell. Pretty simple to accomplish once you understand how to get out of a jailed cell. Google is your friend. If you're using metasploit understanding how to use it to establish TTY will help…
    in NIbbles Comment by darthgucci May 2018
  • (Quote) There I reported it as a spoiler myself.
    in NIbbles Comment by darthgucci May 2018
  • (Quote) Yeah! even after reading you still have to make sure you have the right information and make sense out of what is happening. Awesome job!
    in NIbbles Comment by darthgucci May 2018
  • (Quote) The user is easy to obtain - look through every file on web The password you have to guess - don't overthink it (it's OBVIOUS)
    in NIbbles Comment by darthgucci May 2018
  • (Quote) Removed by request - Arrexel
    in NIbbles Comment by darthgucci May 2018
  • (Quote) nope, try using different payloads in metasploit. One works every time, the others are flaky. You just have to try them all
    in NIbbles Comment by darthgucci May 2018
  • Can someone point me in the right direction, I know what the machine is vulnerable too. I verified this via nmap and then user metasploit, i found the php files and the encoded hype text. I've ran this exploit close to 57 times and I still havent fo…
    in Valentine Comment by darthgucci May 2018
  • (Quote) After a certain amount of time passes you can't edit your comment
  • Okay, so I was able to get r00t. Make sure the commands you're running are PERFECT. I was missing an argument and hence why I couldn't establish TTY. There are a few ways to accomplish this machine though. Looking forward to the write ups.
  • Spoiler Removed - Arrexel
    in NIbbles Comment by darthgucci May 2018
  • (Quote) Dude the password is literally staring you in the face....
    in Nibbles Comment by darthgucci May 2018
  • (Quote) good job! got r00t this morning
    in Nibbles Comment by darthgucci May 2018
  • also remember google is your friend
    in Nibbles Comment by darthgucci May 2018
  • for those of you trying to get root, once you enumerate the system you need to figure out how to exploit the interesting this you find from the enumeration output
    in Nibbles Comment by darthgucci May 2018
  • (Quote) For meterpreter you need to set lhost, rhost, uri, admin, password, and payload. And you need to pick the right payload.
    in Nibbles Comment by darthgucci May 2018
  • (Quote) I can't tell you where, since that would give you the answer. Under /admin/ there are directories and files. Search through them and you'll find the username
    in NIbbles Comment by darthgucci May 2018
  • Spoiler Removed - Arrexel
    in NIbbles Comment by darthgucci May 2018
  • so i tried to get LinEnum on the host via wget, curl, and scp from my host but none of them work. Can someone point me in the right direction as to how to get the shell script on the host> @Demosz said: (Quote) How did you get the LinEnum.sh to …
    in NIbbles Comment by darthgucci May 2018
  • (Quote) I figured it out, the upload command in meterpreter kept spitting out errors, but i figured it out after a couple of tries.
    in NIbbles Comment by darthgucci May 2018
  • so i tried to get LinEnum on the host via wget, curl, and scp from my host but none of them work. Can someone point me in the right direction as to how to get the shell script on the host
    in NIbbles Comment by darthgucci May 2018
  • So I'm trying to use LinEnum.sh, can someone PM and help me?
    in NIbbles Comment by darthgucci May 2018
  • (Quote) I was able to get shell to work after a few tries. Host is a bit buggy. The same shell which had failed 3-4 times before worked. Got the user hash. Working on r00t
    in NIbbles Comment by darthgucci May 2018
  • So getting the username and password was easy and finding the admin panel was pretty simple too. Now the only issue is the exploit. I found the exploit but I keep getting the "manual cleanup of 'image.php' on the target" error. I reset the…
    in NIbbles Comment by darthgucci May 2018
  • (Quote) HAHAHA I was staring the flag the entire time
  • So I was able to decipher the text with jcrypt after messing around with it for a while. I still can't get the flag though, I'm not sure as to what to do next.
  • Did anyone figure this out? I was able to connect just find a couple of days ago, but now all the web challenges are timing out on me. I tried it on and off the VPN, but nothing changed.
Avatar

Howdy, Stranger!

Click here to create an account.