have you seen the privileges?
Am I the only one that cannot crack Julian password on a certain machine ? I followed every steps (unshadow etc.) using john and rockyou.txt without success. Any one can help ?
continue with john, you are missing something to add
the password is not the way, you have to find another way
hello guys, I just have to do the ws02 to finish the lab, I tried brute force on ftp and smb with all the credentials of the other machines, but none gave me results, I tried with passwords from different wordlists but nothing, does anyone have any advice?
Did you get an *.xml file on another machines ?
Hello everybody, any hint on Admin-NIX06, I’m stuck on foothold as sophie user
yes i got, apparently someone deleted the password column, i had to restart the machine.
the way is on a CVE
Any tips on WS-02? I have owned all machines on first subnet except this one and SQL and Jenkins…
I believe this is the way to scan the admin subnet… but have no idea how. I have tried ftp and smb sprays with all collected credentials.
Yeah file upload is not the way on this one… try scrolling the mouse on the images there is an interesting parameter there that will lead to something. Grab the link and try nuclei
alright i have hit a wall. i have three machines that i dont have hostnames for, *.5, *.19, *.101. if somebody can recommend which to start with and maybe a nudge id appreciate it.
anyone willing to offer a nudge on how to move towards .19 and .5 , i have owned all the machines on the first subnet except the 2 mentioned
there is a file that you obtain on a previous machine that should help you with .101
done…Thank you…
Had to update my sql tool in kali. That was the root cause.
Hello,
I am stuck in privesc for WS03.
My payload is working well, the local connection is established but i cannot get the revershell working as i am not getting any answer untill i kill my process. I think it is due to my windows shell not being fully interactive
Any help plz ?
EDIT: GOT IT
Hi, i have done all boxes except .19 and SQL01 and i am stuck here … From what i read i have to pivot to admin network but i don’t have any clue from where … Help is welcome here …
check the privileges if you want the system
for .19 you should have found some credentials also applies to sql
Hello all,
I’m stuck on NIX07, I’ve found the J…k…s login page, I’ve enumerated other machines on the network, DANTE-NIX02 indicates a password for another “Ubuntu” machine on the network but I can’t seem to get it to work on this machine which is the only Linux machine I’ve not compromised.
I can’t seem to find the additional subnets mentioned, I’ve ran arp -a, route print, ip/ifconfig on all compromised machines and none of them seem to connect to another network, am I missing something obvious?
Any nudge on the J…k…s machine would be much appreciated 
Thank you all