For me, the foothold wasn't too tough, but a failure during the enumeration killed about 6 hours of my time. See, when I enumerated, the tool I used told me that a certain thing was inaccessible, so I never tried to further enumerate it. Thus, eve…
@lebutter said:
(Quote)
Yeah, I rationalized it in my head by saying, "Well, maybe that user was attempting to authenticate to an unencrypted web-mail server link that I sent, except that's not what I sent, but I could have." :smiley:
(Quote)
Yeah, I figured they had something scripted up to automate reading mail and clicking on things or executing attachments or something. I haven't stumbled upon the correct payload yet to get the target to reach back to my system...
Just started this box today. I've found multiple addresses and have been trying different bait to no avail. In real life you'd want to exploit a trust relationship between the sender and the targeted recipient to set the hook... Is that the case here?…
Whew. Rooted.
Foothold
The initial foothold for this was what took the longest. I eventually had to follow the advice of some of the commenters and install a local copy of the service to find where important files were stored. Even with that, i…
That was an adventure! Rooted. The hardest part, for me, was getting past the login page. Despite it being easy and trivial for some folks, and while I'd read about those attacks and understand exactly how they work, I'd never had to actually do …
This was harder for me than it should have been, mostly due to time spent trying to get a functional foothold shell and trying to get the root part to work remotely. This was a struggle, trying to find a way to do it without having to use a tool wh…
This one...wow. So many credentials that don't work anywhere!
I really enjoyed the early enumeration, because I felt I was on to something. Especially when I found that one of the username/password combinations I had let me make t******s to the syste…
OK, finally got root both ways.
I really liked the initial enumeration over ***. I got sidetracked by two things I found there early on before focusing on the web site software itself and finding the file I needed.
For instance, did anyone else f…
(Quote)
Well I can tell you in my case I was getting an error when I was futzing with a certain service on the host, and while Googling for the error I found someone posted a comment, complaining about the same thing, to a web site which had a full …
(Quote)
Watch the spoilers, please. :-D
I saw your post, before it was removed, and was having the same issue you were, but then saw several people in the forums saying they didn't even use that tool at all but instead used a script developed by s…
Maybe I'm just blind, but is there a place in the new beta to view my current VPN connection information and statistics, similar to what is available on the older HTB "Access" web page? I looked for this info in the new platform but was u…
Rooted.
There is an abundance of information here in the forums, which was good for me because I was really stuck on finding the file with the initial foothold username. Once I got that, however, the rest was pretty easy. Also, you can ignore the…
@Osiris21
Oh, no worries! I'm learning here as well, so when I noticed the problem and was able to get it working, I wanted to pass along what I'd learned. :smiley:
@Osiris21 said:
(Quote)
@ntroot I believe there's a comment earlier in these messages in which someone provided a URL to a web site which lists three common ways system administrators come up with usernames for users. That should help.
@VbScrub, regarding submitting a ticket for broken winrm on Sauna.
(Quote)
Support got back to me and indicated they are "developing a fix for Sauna for winrm, as winrm has posed issues for us in the past." They also said the fix should…
Just in case anyone is trying to solve this and comes across this post...
I ran into this problem just now on Lame as well and was able to figure it out. My guess is the actual exploit itself has changed since the walkthroughs were written, or else…
Regarding Metasploit, I ran into this problem just now on Lame as well and was able to figure it out. My guess is the actual exploit itself has changed since the walkthroughs were written, or else maybe my Metasploit somehow was different.
Anyway, …
I ran into this problem just now on Lame as well and was able to figure it out. My guess is the actual exploit itself has changed since the walkthroughs were written, or else maybe my Metasploit somehow was different.
Anyway, it appears the exploi…
@VbScrub said:
(Quote)
I specified in the ticket that it was in the AU free lab and the reply said they've had tickets for Sauna in other labs before but not the AU lab, so they'd look into it. They then suggested I try eithe…
I enumerated the first user pretty quickly and was able to get the password. Enumeration then revealed where I should pivot next, but the port I needed to be open wasn't available (AU free lab) even after multiple restarts. I spent about 8 hours l…