I thought this target would be easy. I enumerated services and saw that the host had S*** enabled. I downloaded the user name list from the course’s Resources page and ran a tool to verify which of the users existed. None matched. I expanded the search by using a few user lists included with the pwnbox under /usr/share/SecLists, but still got no hits.
I could try brute forcing username / password combos against the other services hosted on this box, but I think I would be missing something obvious.
Any tips on finding the initial username to get a foothold on this box?
The user name appeared in my nmap scan. I used -sCVT.
Dang. I tried that along with scanning all ports and running more invasive NSE scripts (vulnerability) but don’t see any output with the username. It must be staring back at me laughing. Could you please DM me with another tip? Thanks!
I was successful with the S*** user enumeration script.
Using the user list found in the course’s Resources section?
Can someone give me some advice, I have entered mysql with the credentials f*** and the pass 9***, but within it I understand that I must upload a file, or how can I do it, I need some advice I am stuck ??