  • listening on [any] 4445 ... connect to [] from haystack [] 42512 bash: no hay control de trabajos en este shell [[email protected] /]# Gotta say, that was kinda hard. It helps to know a little bit of Elastic in order to get ther…
  • I've dumped the entire database and so far found nothing useful. Dirscanned the sites by IP and hostname, zero results and seems like no virtualhost routing. Haven't found any software commonly exploitable. Should I just keep looking at the databa…
  • listening on [any] 4444 ... connect to [] from onetwoseven [] 54286 [email protected]:/# whoami whoami root [email protected]:/# cat /root/root.txt Can't believe I did it. As a piece of advice on root, you might pinhole yoursel…
  • Hint for exploit: make sure to edit the script, especially if you're on free. Make things less impatient to give you more accurate results, and make sure you're pointing it at the right location.
  • I managed to nab the user.txt after popping FTP and getting to HTTPS, but haven't got a useful shell like sh or bash... seems like PHP and Node.js are tightened down from spawning one, but I'm probably missing something. Hints welcomed :) EDIT: Got…
  • I've enumerated DNS and found four subdomains of the particular TLD but am unable to find any more than that after doing zone transfers on localhost and the primary TLD. Also attempted zone walking, cache snooping, subdomain/TLD brute-forcing. I hav…

