Dante Discussion

yes i got, apparently someone deleted the password column, i had to restart the machine.

the way is on a CVE

Any nudge for *.12,

wfuzz seems to come up with something, but noting useful till now.
172.16.1.12/blog seemed interesting, I tried uploading php reverse shell. Didnot work.

image

Unable to solve this.

Also…mysql -h 172.16.1.12 -u root
ERROR 1130 (HY000): Host ‘172.16.1.100’ is not allowed to connect to this MariaDB server

Any tips on WS-02? I have owned all machines on first subnet except this one and SQL and Jenkins…

I believe this is the way to scan the admin subnet… but have no idea how. I have tried ftp and smb sprays with all collected credentials.

Yeah file upload is not the way on this one… try scrolling the mouse on the images there is an interesting parameter there that will lead to something. Grab the link and try nuclei

alright i have hit a wall. i have three machines that i dont have hostnames for, *.5, *.19, *.101. if somebody can recommend which to start with and maybe a nudge id appreciate it.

anyone willing to offer a nudge on how to move towards .19 and .5 , i have owned all the machines on the first subnet except the 2 mentioned

there is a file that you obtain on a previous machine that should help you with .101

done…Thank you…
Had to update my sql tool in kali. That was the root cause.

Hello,
I am stuck in privesc for WS03.
My payload is working well, the local connection is established but i cannot get the revershell working as i am not getting any answer untill i kill my process. I think it is due to my windows shell not being fully interactive
aa

Any help plz ?

EDIT: GOT IT

Hi, i have done all boxes except .19 and SQL01 and i am stuck here … From what i read i have to pivot to admin network but i don’t have any clue from where … Help is welcome here …

check the privileges if you want the system

for .19 you should have found some credentials also applies to sql