finished and needed to make my first post. The most difficult portion for me was the initial enumeration and foothold. It was very frustrating and CTF-y to get to the login page. I struggled finding it for a LONG time.
At the login page, there are some excellent points in this thread about OSINT for the version. I did NOT have any good results with some other scripts available online, but a combo of homebuilt server, wireshark, and requesting specific items from the site worked for me. This was a very difficult for me at first, but paid off very well and seemed very real-world. I enjoyed that part.
I really liked the root, I’ve never used that escalation path before and have had a good amount of experience with the snake. I learned a lot from this portion specifically.
Finally popped root. Mad fun box, I learned a ton about enumeration and a bunch about privesc. Massively useful learning experience. Thanks @polarbearer and @GibParadox! More please
A hint for anyone stuck on user: There is a lot of enumeration to do. If you’re relatively new like me, you’ll learn a ton about enumeration. Make sure to save all your output, and don’t be afraid to enumerate what you find. Being methodical is essential, and researching what you uncover is the key skill to master here.
A hint for anyone stuck on root: I won’t share what to look for, there are already tons of better hints than I’d write. What I will say is if you think it should work but it doesn’t, try it on your own machine and read manuals. The trick is novel and might surprise you.
Hi guys, I have set the bind address to 0.0.0.0 but it still showing connection refused. Any idea?
Did you restart the service after changing the binding? Maybe check with netstat -tulpen (or ss -tulpen, if netstat isn’t installed on your machine) that it indeed is listening on 0.0.0.0/0
Running into a similar error that most people are running into. Spent several hours trying to troubleshoot (firewall fixed, ensure service is running, bind-address is correct, user and privileges are good, fixed packet size and timeout in config file), and I feel that I’m out of options. I’m not an expert on sql, but I’m not a newb either, so I have no idea why it isn’t connecting properly.
could be easily one of my favorite boxes… found it to be very straightforward and very much to learn. thank you so much
@grai123 said:
Running into a similar error that most people are running into. Spent several hours trying to troubleshoot (firewall fixed, ensure service is running, bind-address is correct, user and privileges are good, fixed packet size and timeout in config file), and I feel that I’m out of options. I’m not an expert on sql, but I’m not a newb either, so I have no idea why it isn’t connecting properly.
Would appreciate some help. Thanks!
have you made sure the user is the “correct” user? i learned that “user”@“localhost” is not equal to “user”@“whatever.com”. that solved that problem for me
Running into a similar error that most people are running into. Spent several hours trying to troubleshoot (firewall fixed, ensure service is running, bind-address is correct, user and privileges are good, fixed packet size and timeout in config file), and I feel that I’m out of options. I’m not an expert on sql, but I’m not a newb either, so I have no idea why it isn’t connecting properly.
could be easily one of my favorite boxes… found it to be very straightforward and very much to learn. thank you so much
@grai123 said:
Running into a similar error that most people are running into. Spent several hours trying to troubleshoot (firewall fixed, ensure service is running, bind-address is correct, user and privileges are good, fixed packet size and timeout in config file), and I feel that I’m out of options. I’m not an expert on sql, but I’m not a newb either, so I have no idea why it isn’t connecting properly.
Would appreciate some help. Thanks!
have you made sure the user is the “correct” user? i learned that “user”@“localhost” is not equal to “user”@“whatever.com”. that solved that problem for me
Running into a similar error that most people are running into. Spent several hours trying to troubleshoot (firewall fixed, ensure service is running, bind-address is correct, user and privileges are good, fixed packet size and timeout in config file), and I feel that I’m out of options. I’m not an expert on sql, but I’m not a newb either, so I have no idea why it isn’t connecting properly.
Tried something similar. I tried it again and added another user. I got connection refused afterwards. Double checked firewall and restarted service. Now I’m getting connection timed out error.
I’m not trying to become a db admin, but it seems like I need to in order to get the dbms to connect to my db.
Anyone able to walk the dog with me on the db configuration and let me know what exactly I’m doing wrong?
@grai123 said:
I’m not trying to become a db admin, but it seems like I need to in order to get the dbms to connect to my db.
Have you used wireshark to make sure the packets are reaching your system?
Fair. Looking at the traffic is something I actually have not tried. I’ll check that out. I have spent a long time trying to configure this ■■■■ thing and I’m getting pretty frustrated.
Fair. Looking at the traffic is something I actually have not tried. I’ll check that out. I have spent a long time trying to configure this ■■■■ thing and I’m getting pretty frustrated.
It is understandable because this can be a frustrating step.
Have a look at the form and make sure you are telling it to go to where you want it to go and then make sure where you are telling it to go will let it in.
Can someone pm me hint what file do i need to read, i inspected all the files from F** found login page, logged in and can read local file. Just cant for the life of me figure out which one i need to read, since i am locked in the current directory of the script.
Can someone pm me hint what file do i need to read, i inspected all the files from F** found login page, logged in and can read local file. Just cant for the life of me figure out which one i need to read, since i am locked in the current directory of the script.
Thanks!
Choose one that you already got elsewhere, but that “lied” to you
I’ve gotten in via ftp and grabbed all the files. I know the passwords are ■■■■. I’ve done a ton of reading and I think I have the exploit, but I can’t get a connection from A****** to any remote m***l server. Is this right?
I’ve gotten in via ftp and grabbed all the files. I know the passwords are ■■■■. I’ve done a ton of reading and I think I have the exploit, but I can’t get a connection from A****** to any remote m***l server. Is this right?
