Dante Discussion

Try using “cewl” to generate a password list. Also, read the note on the FTP.

I think ssh/authorized keys and related items are reset. You’ll have to find another way or account to SSH into. If using Metasploit you’ll want to “upgrade” your ssh session to Meterpreter. Then look at the “autoroute” module.

You can DM me.

So I’ve done all of that but haven’t been able to root the server. I don’t know where to get the needed ssh creds. A previous comment mentioned dictionary attacking with rockyou but that doesn’t seem feasible for a practice environment. There has to be something I’m missing here.

Hello.

Hoping someone can help point me in the right direction. I have managed to get root on every box besides WS-02. I have tried a few things but can’t seem to figure it out. Thanks in advance.

If you’re still stuck you can DM me.

I’m running into the same issues most are with sql01, nix07, and ws02. Would anyone be willing to give me a nudge on these?

Anyone have any hints on how to find the admin subnet?

Hard stuck on NIX02 escalating from M******* to F****. Got creds but not working. Could anyone give a hint on that?

You can DM me.

Feel free to shoot me a DM.

You already helped me on Discord. I appreciate the help!


Hey everyone!!
Hope this forum is still active. I am looking for help or a nudge for moving on to the next boxes.
By now, I’ve done the following boxes:

DANTE-WEB-NIX01
DANTE-WS01
DANTE-WS02
DANTE-WS03
DANTE-DC01
DANTE-NIX02
DANTE-NIX03
DANTE-NIX04

If someone is still reading this and willing to assist me with the next boxes, please PM me.
Thanks

Hello folks!

First things first, apologies for my English; I’m not a native speaker and I write without a translator (kinda lazy).
I’m currently doing the Dante proLab. A question came up for me, since I’m relatively new to pivoting and large infrastructure pentesting.
I am using proxychains to forward my network traffic over an ssh tunnel between my host and the host I compromised. I read that a socks proxy won’t deal with pings, for example. (I read the following about nmap: “ICMP and SYN scans cannot be tunnelled through socks proxies, so we must disable ping discovery (-Pn) and specify TCP scans (-sT) for this to work.”) I don’t really understand why, or at least, I’m not sure. It may be a dumb question for some of you: is this a question of layers, and a socks proxy cannot forward traffic that is on a layer below layer 5 (SOCKS is based on layer 5, right?). Or is it because of something quite different? If someone can explain why, I would be very interested!

The question following along from this is: what tools do you use to discover a network using port forwarding with ssh? Nmap (but -sn doesn’t seem to work)? fping (not working either)? masscan (never been able to make this tool work and idk why)?

You can DM me if you want to discuss all of this!

From an enthusiast, junior hacker 🙂

Can anyone provide a nudge for PRIVESC on NIX02? Been stuck for a couple of days. Found a couple of passwords for an alternate user, but neither worked. Haven’t been able to make any other progress.

Hello!
First of all, I’m not a native speaker, so I want to apologise for my English.
I’ve been doing this lab for some time and I hit the wall. I’ve done DC01, WEB-NIX01, NIX02, NIX03, NIX04, WS01, WS03. I also found one machine which was trying to connect to the admin network, but I failed to replicate it. (I tried multiple ways to connect, also from other machines.)

Could someone DM me some hints on how to get to the admin network or to do SQL01, WS02, or the J*****s (probably NIX07) machine? (I understand that FW01 is out of scope.)

Thanks for help!

Can anyone plz help me do privilege escalation on ws01?

Can anyone help me with DANTE-NIX02? I have found 2 users, one of whom seems interesting due to the use of a limited shell. I have also found the *** vulnerability which allows me to access files; this led me to the discovery of the users and other configuration files.

I’ve attempted to bf the M account, but I’m not having any luck doing so. I’ve tried to access _* files in various home directories but I’ve not had much luck. I’ve checked the ***d_config file and have tried alternative file names. I also know that a knowledge-based method of authentication to SSH is possible.

I’m guessing there’s a certain file that I have to find but I’m not having much luck finding it. I know the M user is the one I need to compromise first since there was a **** in their home directory I was able to read.

If anyone is able to help me out on getting a foothold it would be greatly appreciated 🙂

Hi everyone, I am still totally stuck on the first machine and am wondering what I’m missing. People here mention using cewl and bruteforcing the login, but I can’t even get any of the web pages to even render (i.e., the “/wor…” page simply does not load for me). I just get timeouts and endless loading…

Is this intended behavior?

Update: Further reading through this, it seems like people might have a reverse shell running which totally blocks the web page on the foothold… Doh! Unfortunately, this seems to be the case for all regions, which makes the lab unusable, unfortunately.

I have two questions to ask:

  • I’ve been stuck at the first .100 machine for 2 weeks. Found with***.swp, found to**.txt. I tried to brute force with wp**** and ce** on user j**** but I did not find any useful password. I also tried brute forcing ssh and ftp but no password was found. So I ask where I’m going wrong.
  • The second question is: can I find the name of the machine I am on, or do I find out later?