japh42

About

Username
japh42
Joined
Visits
218
Last Active
Roles
Member

Comments

  • For me, the foothold wasn't too tough, but a failure during the enumeration killed about 6 hours of my time. See, when I enumerated, the tool I used told me that a certain thing was inaccessible, so I never tried to further enumerate it. Thus, eve…
  • @lebutter said: (Quote) Yeah, I rationalized it in my head by saying, "Well, maybe that user was attempting to authenticate to an unencrypted web-mail server link that I sent, except that's not what I sent, but I could have." :smiley:
  • (Quote) Yeah, I figured they had something scripted up to automate reading mail and clicking on things or executing attachments or something. I haven't stumbled upon the correct payload yet to get the target to reach back to my system...
  • Just started this box today. I've found multiple addresses and have been trying different bait to no avail. In real life you'd want to exploit a trust relationship between the sender and the targeted recipient to set the hook... Is the case here?…
  • Whew. Rooted. Foothold The initial foothold for this was what took the longest. I eventually had to follow the advice of some of the commenters and install a local copy of the service to find where important files were stored. Even with that, i…
  • That was an adventure! Rooted. The hardest part, for me, was getting past the login page. Despite it being easy and trivial for some folks, and while I'd read about those attacks and understand exactly how they work, I'd never had to actually do …
    in Magic Comment by japh42 August 4
  • This was harder for me than it should have been, mostly due to time spent trying to get a functional foothold shell and trying to get the root part to work remotely. This was a struggle, trying to find a way to do it without having to use a tool wh…
  • This one...wow. So many credentials that don't work anywhere! I really enjoyed the early enumeration, because i felt I was on to something. Especially when I found that one of username/password combinations I had let me make t******s to the syste…
    in Admirer Comment by japh42 July 10
  • OK, finally got root both ways. I really liked the initial enumeration over ***. I got sidetracked by two things I found there early on before focusing on the web site software itself and finding the file I needed. For instance, did anyone else f…
    in Remote Comment by japh42 July 8
  • (Quote) Well I can tell you in my case I was getting an error when I was futzing with a certain service on the host, and while Googling for the error I found someone posted a comment, complaining about the same thing, to a web site which had a full …
    in Remote Comment by japh42 July 8
  • Has this box been out and retired once already? I found a total walkthrough for it online...
    in Remote Comment by japh42 July 8
  • (Quote) Watch the spoilers, please. :-D I saw your post, before it was removed, and was having the same issue you were, but then saw several people in the forums saying they didn't even use that tool at all but instead used a script developed by s…
  • Maybe I'm just blind, but is there a place in the new beta to view my current VPN connection information and statistics, similar to what is available on the older HTB "Access" web page? I looked for this info in the new platform but was u…
  • Rooted. There is an abundance of information here in the forums, which was good for me because I was really stuck on finding the file with the initial foothold username. Once I got that, however, the rest was pretty easy. Also, you can ignore the…
  • @Osiris21 Oh, no worries! I'm learning here as well, so when I noticed the problem and was able to get it working, I wanted to pass along what I'd learned. :smiley: @Osiris21 said: (Quote)
  • @ntroot I believe there's a comment earlier in these messages in which someone provided a URL to a web site which lists three common ways system administrators come up with usernames for users. That should help.
    in Sauna Comment by japh42 June 26
  • @mared said: (Quote) I PM'd you something that might help you make sure you're loading the Powershell scripts correctly.
    in Sauna Comment by japh42 June 26
  • @VbScrub, regarding submitting a ticket for broken winrm on Sauna. (Quote) Support got back to me and indicated they are "developing a fix for Sauna for winrm, as winrm has posed issued for us in the past." They also said the fix should…
    in Sauna Comment by japh42 June 26
  • Just in case anyone is trying to solve this and comes across this post... I ran into this problem just now on Lame as well and was able to figure it out. My guess is the actual exploit itself has changed since the walkthroughs were written, or else…
  • Regarding metasploit, I ran into this problem just now on Lame as well and was able to figure it out. My guess is the actual exploit itself has changed since the walkthroughs were written, or else maybe my metasploit somehow was different. Anyway, …
  • I ran into this problem just now on Lame as well and was able to figure it out. My guess is the actual exploit itself has changed since the walkthroughs were written, or else maybe my metasploit somehow was different. Anyway, it appears the exploi…
  • Type your comment> @VbScrub said: (Quote) I specified in the ticked that it was in the AU free lab and the reply said they've had ticket for Sauna in other labs before but not the AU lab, so they'd look into it. They then suggested I try eithe…
    in Sauna Comment by japh42 June 25
  • I enumerated the first user pretty quickly and was able to get the password. Enumeration then revealed where I should pivot next, but the port I needed to be open wasn't available (AU free lab) even after multiple restarts. I spent about 8 hours l…
    in Sauna Comment by japh42 June 25
Avatar

Howdy, Stranger!

Click here to create an account.