trollzorftw

About

Username
trollzorftw
Joined
Visits
462
Last Active
Roles
Member

Activity

  • judy
    judy trollzorftw

    Hi,
    I have more of a random question. I have a pt test and I would like to try 1 box before but I am looking for something that won't take me to long so I can be sure that I get it all from start to end. I am debating between postman, traverxec and openadmin. What out of the 3 is the easiest and doesn't require downloading new tools? What box would you recommend?
    Sorry for the random question,
    Thanks a lot

    January 4
  • latenightbj
    latenightbj trollzorftw

    Hi, I am working on Resolute. I managed to get one of the users. I did enum4linux, and found the notes with markos pw. i then used Evil-WinRM and went through testing credentials until Melanie's popped. Then after looking for some hints on the forum, I found that ryans creds should be somewhere in the root directory as a hidden file possibly. I used the cmd "gci -force" to show hidden files. I then attempted to read them but coming from linux and not a very good powershell user I am kinda stuck. I tried more, and Get-Content, but neither seem to be working. I am reading through powershell cmdlets and documentation. any little point in a proper direction would be appreciated 9999x haha. cheers !

    January 4
  • Fcvebf
    Fcvebf trollzorftw

    Hi my friend,
    I saw in the forums you rooted Mango. PLease if you can give me a hint it would be very helpful

    • I have found http://staging-order.mango.htb/index.php but fuzzing with SecLists/Fuzzing/special-chars.txt username and password gave exactly the same responses, same length. Also tried nosqlmap importing the login request from a burp saved file and still nothing. Is this the vulnerable page? What am I missing?
    • ALso what is this "under construction" page other member talk about??? :-/

    Any help is a lot appreciated

    Multumesc!

    November 2019
  • terty
    terty trollzorftw

    Hi, I'm trying to exploit Postman but i can't. I try the redis exploit but then ask me for password and i don't have it. I tryied to burpsuite 10.10.10.160:1000/password_change.cgi but the burpsuite dont intercept packets from 10.10.10.160.

    I try redis-cli but i cant take de PW. Can you guide me pls?

    November 2019
Avatar

Howdy, Stranger!

Click here to create an account.

Sign In