Official Tabby Discussion

Foothold: If you found initial vuln, take a look at something on the other port and enumerate. In Kali you can find out the content of packet to fuzz with apt-file. If you found creds, google what the found roles give you; curl \ httpie \ ******-manager can help you to exploit in this situation.

User: take a look at some interesting file, you can bruteforce them. If it didn’t help you, think about how people are lazy.

Root: it is not necessary to use automatic scripts. Just enumerate manually. There is only one sploit for this misconfiguration in searchsploit :smile: Don’t overthink, try to find out more what your user can do on machine.

I found the T*****-.x with creds and could log into /H-M****** and stuck there. People all say read and don’t skip over little details. I have read pretty thoroughly with no luck at this point. Nudges would be great. (Also have tried Curl instead of using browser to try and be creative, but unsure on how that could even help me any further)

@JitB said:

I found the T*****-.x with creds and could log into /H-M****** and stuck there. People all say read and don’t skip over little details. I have read pretty thoroughly with no luck at this point. Nudges would be great. (Also have tried Curl instead of using browser to try and be creative, but unsure on how that could even help me any further)

This file contains roles besides login and password. Google what rights those roles give you.

@blacViking said:

@chiefgreek said:

stuck on root…am following the instructions and trying to install the image but says no such file when it’s sitting there.

Update - got this after copying and pasting the script - there are issues with the searchsploit version

I have the same issue, can you PM me how you resolved it?

I think you should delete some symbols, it probably has been written on Windows. Use dos2unix next time before transferring and executing.

@BugsBunny said:

@TazWake said:

@unmesh836 said:

Could anyone tell me how can I read the xml file to get credentials

Use a web browser and look at what it has sent you.

Maybe look what it’s sent in Burp? I think some people have issues with looking in browser?

Look at page source code

It is certainly more “In your face” if you use burp, but it’s only a single click away in a browser and if people aren’t checking things like that, they really should.

Ahhh, thanks guys, didn’t realise I could see in page source as well,

the more you know…

:slight_smile:

Got foothold. Not sure how to move laterally, though…

I got root!

This was my first box that I did without any big walkthroughs.

My .02:

for foothold: the other comments here are GREAT.

for user: remember, things look different from the other side

for root: Don’t think outside the box, think outside the container.

Whoever reset the server just killed my foothold. Thanks.

Seriously. Stop resetting. Nothing should be broke.

@BugsBunny @TazWake @NordeN
Thanks for your replies.

It is one of the basic things that everyone knows while performing pentesting.
And I was searching for it in the wrong place :persevere:

Finally, got it. I think I know what to do next.


EDIT:
Got the root as well. Initial foothold is easy and tricky at the same time. Learned new Priv Esc attack vectors.

My Hints:

Initial Foothold:

  1. Do not focus only on cat.
  2. Once you know vulnerability is there, you may take help from burp
  3. Look for that particular file. Yes, having the application locally installed will save you a lot of time.
  4. Google the info. It is very famous exploit.

User:

  1. Basic file enumeration
  2. Info you find can be used somewhere else

Root:

  1. Check your home folder thoroughly
  2. Google it, you will get your attack vector. With step by step execution

If I have spoiled anything, please report

@ricepancakes said:

@nothades said:

Feeling pretty frustrated rn, spent a good amount of time getting a low level shell, and now I’m struggling to transfer the 161*****.zp file to my local machine. Can’t use SimpleHSeer, so I’m really not sure how I’m supposed to take a crack at it.

If anyone could give me a nudge or a PM I’d really appreciate it

Try using nc instead.

Or you can simply browse the file :smirk:

rooted, pm for nuggets

hint for foothold - look for what’s included on the news page.
Then install locally and see what you can include on the news page.

Too obvious?

Stuck on root.

I know exactly what to do thanks to endless research.

However, my research will not help with the countless errors I am getting trying to do this.
It may be my sleep deprived mind. I’m going to try again later after a little rest.

In the meantime, is there any kind soul that would mind lending a hand in PM? I can explain exactly what I am trying to do and what is going wrong. Possibly a little more coherently after some rest.

First ever root. Took me longer than I’d like to admit to get to root from user. I found this step by far the hardest part (due to my own ineptitude)

Thanks to everyone on the forums who posted nudges and encouragement!

If anyone needs a wee nudge from a noob, feel free to DM me!

Beautiful box! Thanks @egre55 for having fun while doing it!

finally got root, really interesting box.

I found the initial foothold frustrating as the container I spun up to check the directory structure was different to that of the target. It made it difficult to see what was included.

user was cheeky and something I overlooked a few times. I will keep my lips zipped on this one though.

root was something I had never come across before. I had issues finding the correct path initially and it was a bit of an uphill climb to the finish but a fun journey.

thanks for the box!

Any help with elevating to a*h? I have searched the to**at9 directory where I spawned. Nothing seems to stick out.

Update: looking for files owned by the person who I am trying to get helped! Thanks for the nudges!