samsepi0l

About

Username
samsepi0l
Joined
Visits
374
Last Active
Roles
Member

Comments

  • Type your comment> @MinatoTW said: Guys about the wordlist as it's taking a lot of time, you can intelligently create a "subset" wordlist from rockyou depending on the box. Sometimes it's important to narrow down your resources. t…
    in Arkham Comment by samsepi0l March 17
  • the files m*, my*** and r***n is a rabbit hole? ._.
    in Arkham Comment by samsepi0l March 17
  • Initial Foothold The user tracks in this thread are very good, I would like to mention that if you can not capture what you need, use the tools of the distribution, strangely I had the problem with a tool cloned from GitHub that made me lose time x…
    in Querier Comment by samsepi0l March 7
  • Root To find the credentials you should see the documentation of the app or at least follow the advice of @peek once you find the thread of R****t, it will be very helpful, if the password does not work read the name of the folder again where did…
    in Netmon Comment by samsepi0l March 5
  • Do not change the password Do not use Brute Force Do not restart the box The stability of the box is brainfuck xD
    in Netmon Comment by samsepi0l March 3
  • Solved! Thanks to all! I think everyone's advice is enough to get the solution, an interesting challenge, I could say that to solve it you have to think like a federal xD
  • Initial Foothold This machine is difficult because it leads to rabbit holes, the clues they give in some parts really did not help much, in fact those comments are traps for your brain! Hahaha User To start many users have said: Enumerate p…
  • @Kainan said: Hi all! It's done, it was easy. I can not get anything, I've seen several attributes of J**N but I can not see any difference, I only see the attribute 'ge *' that changes in some tweets but I do not think that's the way...
  • @nergalwaja said: Can somone PM me a hint on this challenge? I've been trolled, I've run all the steg tools I know of, and have been messing with the .png in GIMP to no avail. I was lost for a while, the only thing I can tell you is that …
  • I will organize the attributes of J***, and I will observe them carefully, I appreciate your help! @opt1kz @cyptik UwU
  • @Sekisback said: check github for tweet_dumper Interesting, Although I also used the twitter API and developed a similar script, however ... Should I see anything other than the text of the tweets?
  • Initial Foothold The user's part was really confusing, I lost a lot of time doing useless things, some clues of the thread as some say can be misinterpreted, to begin with you should list as usual and exploit one of the most common vulnerabilities …
    in Giddy Comment by samsepi0l January 7
  • @manick69 said: Greetings from Greece!! I am still in the initial foothold, I've used sql-in****** on mvc, found all the db's, 2 users and 1 pass and passwordsalt but I can't crack it, any help would be appreciated!! Thank you! Use …
    in Giddy Comment by samsepi0l January 5
  • I had never seen this attack vector, the initial part is quite interesting, nice machine Initial Foothold First I was in a HUGE rabbit hole using ldap****h, some have used Nmap and other enumeration tools in the protocol, the hashes of the us…
  • Solved, An interesting challenge, the clues of this thread were of great help, here mine: Search the secret word of the file, it should be enough to start the challenge, after a while you will see a code, they are "magic numbers", in linux the…
  • Good hint @CHUCHO said: Again THX for this box. Was awesome but I didn't like it too much My Hints this machine is 2 by 1, to the first part don't discard the params in POST requests (this will give you RCE) to get roo…
  • @ashr said: Tedious, this one! I got backend access, the four accounts and hashes, but I can't get in to a* other than with the account that gets booted. Still trying things, but process is slow. Blowfish is a bastard to crack. Some tips mention …
  • I have four users, according to the tracks the indicated one is p******e, is it necessary to use brute force to find the password? or try decrypt hash, or just guess it according to the information of the site, if so, some hint
  • Rooted Root For me it was not so obvious or logical to get root, in fact it was something weird but in the end it makes some sense. Clue: It seems that the user left unprotected things out there, it's a kind of time travel with the f*x It …
    in Chaos Comment by samsepi0l December 2018
  • I have user.txt! It's a fun machine, like Frolic you have to use a little creativity Initial Foothold: Enumerate as always with Nmap and Gobuster, when you get to the initial question do not start using complex things, the answer is in front …
    in Chaos Comment by samsepi0l December 2018
  • @mpoitsos said: I cannot find something inside the mail servers(seems empty), neither i can connect to the web portal with those creds... . what am i missing? f you are sitting on your computer writing an email to your friend and suddenl…
    in Chaos Comment by samsepi0l December 2018
  • Rooted Initial Foothold: This track helped me a lot, after looking for another way of accerder, as is common in several machines this does not need Brute Force, you do not need to be an expert in using the web application, just look for somet…
  • Solved! At first I found it difficult, but it is easier than I thought, as several have said the slides (OWASP) are the key, I had to read it several times very carefully (since my native language is not English), and in the end a little adjustm…
  • Rooted Initial Foothold: Do not try to brute force in any service with any user, think of a way to pass yourself as administrator using two words (seen in other machines), If you can not enter use all the forms, they are there for some reason …
  • Rooted Initial Foothold: As some people say in this thread it is necessary to search the Login Page, but it is not necessary to use Hydra or Bruteforce for the password, what you are looking for is in the Blackhat HS... User: Actually I c…
Avatar

Howdy, Stranger!

Click here to create an account.