D*****ins INJECT no work!!According to the information on Google, it doesn’t seem to work properly,I wasted a few hours here. need help, please PM me, thanks
oh,root it! This road is right. sometimes “smbshare”.py have problems,maybe use " -smb2support -debug " should be better.if it doesn’t work,just try again and reset the box…
Tried the DLL way for a few hours, 100% sure the syntax of my commands and the payload were correct and it wasn’t working. Possibly because it was on a free box.
Used the msf module instead, wish I’d done that from the start, only took a minute.
Is it supposed to be that way ? It should not be I guess
Chances are someone else left it in an unstable state when they rooted it. You can test this by resetting the box and trying it again (the password wont have changed).
Alternatively, you have a valid short cut to root.
Users are pretty straightforward and people in this forum have already mentioned everything you need.
Initial foothold - enumerate (a classic tool and comes installed with kali). Use the value obtained and try it everywhere you can possibly find.
User - Once you find the right credentials, this should be pretty straightforward.
Root - You should have the credentials to 2 users by now, but you need to gain access to another user. To find it, imagine yourself as a user that tries to HIDE information from other users. That user can do some stuff related to d**, from here google your way to privesc. Just to note, off the shelf payload is fine but architecture is important!
Hope this doesn’t give away too much. If you need a nudge, feel free to PM me.
I’m struggling with priv escalation part
Tried dn**Adm dll injection several times
I don’t figure out the catch for the momemt
!!! Any suggestions please??
I’m struggling with priv escalation part
Tried dn**Adm dll injection several times
I don’t figure out the catch for the momemt
!!! Any suggestions please??
Architecture of the target machine is important, make sure you are restarting the right service. Sometimes other people are on the machine doing the same things too.
got the second user r***, and know that he is in dn gp.
I also made the payload with the poison, shared it via s* to the host, done the “dn****d …” command part and after that the restart, but got no reverse shell. also tried x86 and x64 architecture and different encoding types with poison.
help would be very appreciated!
got the second user r***, and know that he is in dn gp.
I also made the payload with the poison, shared it via s* to the host, done the “dn****d …” command part and after that the restart, but got no reverse shell. also tried x86 and x64 architecture and different encoding types with poison.
help would be very appreciated!
i am facing same issue, have you got any solution ?