I don’t know if nowadays someone ever visits this topic again, but recently I’ve started doing the Dante pro-lab.
I’ve root NIX01, however I don’t where else I should look for to get the next flag.
So far I’ve done the following:
Used chisel to port forwarding allof the opening ports, but I dind’t give anything.
As root, ran linpeas again.
Decompressed the wordpress file that is in root directory.
I also tried some stuff with the snap ‘current’ file.
I’m out of ideas.
If anyone ever finds this note, please reach out. The year is 2022, the machines haven’t taken control over earth yet.
From what I understand, NIX01 is the bastion host into additional subnets that you want to access. You need to figure out the CIDR block of the first subnet so you can tunnel from your machine, through the bastion, to that subnet. I would keep enumerating until you find out what that subnet is. From what I recall, that info might already be in the results of something you already did. Good luck! I’m not too much further ahead of you. It’s been challenging and fun so far.
Hi, I recently signed up for Dante, and things were going well until the DC02 attack, but now the path is lost. The remaining machines are SQL01, WS02, NIX05, and NIX06. Could anyone give me a nudge on where to go for right path? thanks.
would really appriciate a help here,
Got root on .100 but now i feel lost on how pivot around, saw .20 with port 3*** open tried to r****** using proxychains but dont have vaild credentials to there, i got some database credentials but can’t see a machine that have sql open. maybe I don’t do something right? will appriciate anudge around
I have rooted .12 ,.13 and .17, machines in the lab. I cannot root number .10 since I cannot PE as the second user. I used ssh with the password I found but the ssh is not successful. Neither su is successful. Ayone for a hint?
I had the same issue and not using sudo with the nmap command produced the same all hosts down result. Im using sudo now and everything works as expected.
Can anyone please help me with DC01? I have rooted it but I’m struggling a bit with finding the way to the next subnet/domain. Trying the usual AD enumeration hasn’t found much I can use.
I have stuck at .102 for many days. I know the exploit path to Admin. But I cannot get it to work. I know antivirus is there… I need a little hint on this. thanks
I’m having trouble getting a foothold on the .100 machine, I found a ‘note’ with things that appear like entry points but I haven’t been able to exploit any of them. I’m currently doing a brute force on the J**** user who supposedly has a weak password but that hasn’t turned up fruitful (yet – its still running but I’m starting to think this isn’t the solution). I’ve tried to poke around the given DANTE-WEB-NIX01 hostname and did an nmap on it, but I haven’t found any use for its open port yet. All I have at this point is the 2 servers (.100, DANTE-WEB-NIX01), I found the ‘note’, I’ve tried LFI in a few places but to no avail, and I’m not sure what to do with the rest of the info in the ‘note’ at this stage. I see some poeple talking about a .swp file but I’m not sure where that comes from/what I can do with it. Can anyone nudge me in the right direction, or even more helpfully DM me so I can speak more freely.
I just completed WEB.NIX01 but I wasn’t able to figure out the method the intended way wanted. I found the intended way and poked at it for a long while but gave up. If anyone could give me a tip or two that may indicate what I was doing wrong I’d appreciate it.
What’s the deal with WS03. I have tried a number of things getting a interactive shell, but it seems everything I try is either getting removed by AV or things have been disabled etc?
