Dante Discussion

“Hi, did you manage to solve the connection error problem when performing a DCSync attack via impacket-secretsdump? I have exactly the same error ‘[Error 111] Connection refused’ when trying to connect to port 445 via 127.0.0.1. If you have found a solution, could you share how you did it?”


Send a DM and I can give you some pointers

Hey, I’m DA on DC01, but seriously stuck on how I’m meant to find the admin subnet/network. Could anyone help?

edit: solved

RESOLVED. Thanks for the teamwork!

Is the Metasploit route feature and Meterpreter portfwd feature valid for DC01/DC02?

I have managed to get into DC02 and obtain the first flag via some PowerShell tricks, but I am unable to use e***-***rm and other tools because I am unable to properly route via msfconsole. I feel like I am missing something or just another way of routing to communicate with DC02. When routing and applying portfwd’ing via meterpreter and then running [REDACTED] applications against 127.0.0.1 to attack DC02, I get proxychain timeout errors within msfconsole and sometimes other errors for the application being run on my attack machine. Note I am using proxychains4 (sock5) with an ssh -D command to pivot the /24 subnet. I feel like this isn’t feasible once approaching DC02 and the great beyond.

If anyone has a nudge to how you are supposed to pivot the hidden network, I would be in your debt! Thank you in advance.

Hi all,

Could use some help with NIX03. I have found the creds within the file located on a certain server.
However, these creds, when entered into the login page on port 10000, do not give me an error; the login page just spins. Unsure if I have the right creds or not. Any help is welcomed. Thank you.

Solved. It turned out to be my chisel pivot setup; unsure why it would not allow me to log in. To solve this I did the following:

ssh -N -L 0.0.0.0:10000:NIX03:10000 -i id_rsa root@firstbox


Hello. I found Flag 1, but I can’t find Flag 2. I’m stuck in WordPress. Can you help me? I’ve just started learning this.

How are you stuck? What problem are you trying to solve?

I’m stuck in WordPress while trying to find the second flag. I’ve tried everything I know, but it didn’t work.

If you are in the WordPress admin panel, your next step would be using that access to get a shell on the underlying server that WordPress is running on. Do some research into how to get a web shell from a WordPress admin panel.

I can get a shell from the admin panel, but I currently can’t access the admin panel. I tried brute-forcing, but it didn’t work. I also checked the password in config.php, but that didn’t work either.

Guys, I got to the WordPress and the t**.txt, tried to brute force the user noted and admin with grepping, and didn’t get to anything. Now I don’t know what to do, so I would appreciate any nudge. I did the wp-scan.

I have been stuck on DC01 for more than 2 days. Please DM me to help me, I would be really grateful.

NVM: Solved it now


Guys, I need help to find the other subnet. I tried to ping every X.0-255 in every host I pwned: NIX01, NIX02, NIX03, NIX04, WS01, WS03.

Could anyone point me in the right direction for Privesc on WS03? I have a shell as a user.
edit: nvm I got it. PWNED

Why are the boxes breaking JEEEEEZUZ!?!?! I can’t upload my shell. I want to finish at least a few boxes todayyyy and general reset is at least 8 hours away

HALP!

Guys. Stuck in WordPress NIX01. Tried plugin upload. Tried adding malicious media. Nothing seems to work. A nudge would be helpful!

Edit. Disregard. Found it! Just had to do it slowly and change things a bit.

Hey everyone, I’m extremely stuck on WS01. I have user but I cannot figure out how to escalate to administrator. I have tried about 10 Metasploit modules, searching the file system, etc., to no avail. If someone could please point me in the right direction that would be awesome. I’m pulling my hair out.

Hey folks. I’ve managed to establish a foothold on the first box through WordPress and got Root.
I’m drawing a blank on pivoting to the next machine. Could somebody give me a nudge in the right direction please?

Look at what 3rd party applications have been installed on the machine.
