gu4r15m0

About

Username
gu4r15m0
Joined
Visits
408
Last Active
Roles
Member

Comments

  • Got User! - Very cool vulnerability to leak files Stuck trying to get root. The nudges in the thread are not helping :disappointed: I guess that means there's something for me to learn. Can't make sense of this GTFO... any help please? UPDATE: Ro…
    in Admirer Comment by gu4r15m0 May 2020
  • yay! rooted! Enough tips in this thread... very simple once you spot the right file
    in Magic Comment by gu4r15m0 April 2020
  • Oops! Said too much?! Rooted
    in ServMon Comment by gu4r15m0 April 2020
  • (Quote) It is where the clues say it is
    in ServMon Comment by gu4r15m0 April 2020
  • Type your comment> @cyb3rsinn3r said: (Quote) Oh, that's just how to test the PoC. Think about what would be helpful to read instead of that file
    in ServMon Comment by gu4r15m0 April 2020
  • Type your comment> @GibParadox said: (Quote) Can't get it to work, and the service keeps crashing, plus all the resets... I guess I'll try again down the week.
    in ServMon Comment by gu4r15m0 April 2020
  • Type your comment> @heraenshah05 said: (Quote) Same here, any nudges?
  • Spoiler Removed
  • Type your comment> @VbScrub said: > @gu4r15m0 the chef is just a website that does encryption/decryption for you when given parameters like secret key and input text etc Amazing!! I just found the website, gonna get a closer look. But no n…
    in Cascade Comment by gu4r15m0 April 2020
  • Rooted! Finally got some time and did this box! Learn a couple of new things, like how to bring back the dead. No idea what is this Chef people talk about. Enough tips on this thread already, but for root you just need a couple of PS Cmdlets…
    in Cascade Comment by gu4r15m0 April 2020
  • Type your comment> @bee said: (Quote) It works as is, just change the File Name to what you want and the string to the parameters, you might want to add a line to print the response content, or see it through Burp.
    in Remote Comment by gu4r15m0 March 2020
  • Spoiler Removed What Spoiler?
    in Remote Comment by gu4r15m0 March 2020
  • Type your comment> @VbScrub said: (Quote) I'm in the US free VPN and nothing, the port is closed, already reset the box
    in Remote Comment by gu4r15m0 March 2020
  • Type your comment> @sparkla said: (Quote) Not working for me either, what type of technical error?
    in Remote Comment by gu4r15m0 March 2020
  • It took me longer to clone and build dnSpy than to do the bypass 😁. Great tool!! Thanks
  • Type your comment> @FailWhale said: (Quote) Yeah, no signing required, just well known reverse shell tool
    in Control Comment by gu4r15m0 March 2020
  • Type your comment> @Watskip said: (Quote) yup! Just don't know about this signing code thing. Any nudges? UPDATE: Rooted! That was quite a trip... learned a ton about PS against the Registry PS C:\Windows\system32> whoami /allwhoami /allUS…
    in Control Comment by gu4r15m0 March 2020
  • Type your comment> @TazWake said: (Quote) Completely stuck here. I found a few services I can see, actually was able to start one that wasn't running but can't stop it. No idea what to do with it or if there's another one. Any nudges?
    in Control Comment by gu4r15m0 March 2020
  • Type your comment> @dag0bert said: (Quote) Did you get the creds from the same source that gave you the shell injection?
    in Control Comment by gu4r15m0 March 2020
  • Rooted! In a race against time and people :smiley:
    in Traceback Comment by gu4r15m0 March 2020
  • Why people are pushing their own shell when there's already one? Got user. Going for root, but I keep getting kicked out by so many resets to the box.
    in Traceback Comment by gu4r15m0 March 2020
  • @TazWake said: > If you google for that word plus exploit github the best link is likely to be in the top 5 On point! Really simple exploit, works like a charm! ``` [email protected]:~# sha256sum root.txt fc8eefa1739404b6182211c83b384034966…
    in Book Comment by gu4r15m0 March 2020
  • Are the 403s expected? really annoying
  • Type your comment> @nando740 said: (Quote) Think about where do webapps usually store creds, and look for that between the folders you can read.
    in Registry Comment by gu4r15m0 March 2020
  • Done! Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 4.15.0-65-generic x86_64) System information as of Tue Mar 10 05:37:54 UTC 2020 System load: 0.0 Users logged in: 1 Usage of /: 5.6% of 61.80GB IP address for eth0:…
    in Registry Comment by gu4r15m0 March 2020
  • Are the files I upload suppose to disappear? Can't find a way around it :neutral: Any nudges?
    in Registry Comment by gu4r15m0 March 2020
  • @nando740 said: (Quote) The certificate error/warning is irrelevant, it is expected as the certificates are self-signed Are you using wget to download something? try --no-check-certificate If you are using curl, try -k
    in Registry Comment by gu4r15m0 March 2020
  • Type your comment> @nando740 said: (Quote) The certificate will give you a clue about what website to visit
    in Registry Comment by gu4r15m0 March 2020
  • I think I got user the not intended way, I was able to ssh in with what I pulled from the blobs, then reseted the box because it was giving me issues and now I can't ssh :neutral: EDIT: Disregard - it was the intended way, I had a typo :blush:
    in Registry Comment by gu4r15m0 March 2020
  • Done! I thought the only options for the Payload were PS cmdlets or scripts and that wasn't working, but I can call cmd from there. Thanks, @Ad0n @trab3nd0 @cyberafro PS C:\Users\Administrator\Desktop> dirdir Directory: C:\Users\Administrator…
    in Sniper Comment by gu4r15m0 March 2020
Avatar

Howdy, Stranger!

Click here to create an account.