So im gonna start this thread just cuz but I have a question for the few people who have completed Enterprise
I’m stuck in the same way as you! I have just some hashes, cracked only one, tried to use the password with all the identified users via SSH/web, no luck!
If the hash cracking is the good direction, can someone provide a hint about a suitable wordlist? I’ve tried some wordlists that are Star Trek related, even generated some of them with CeWL, still unlucky!
Managed at last to get user. Pretty tricky! Some hints on priv esc? I managed to find Removed Spoiler
Im still stumped on what to do next ;-;
Never Mind 
I am still stuck with just hashes any hints would be welcome
Try to enumerate more, look at the wordpress posts, even the closed ones!
I got a shell. I’ve got some creds… I’ve gotten nowhere 
Got a bit further. This one is a bear Kudos @TheHermit
Any hints for initial access. Enumerated all web ports with multiple tools. Can’t find access ways to wordpress or joomla? Have a wordpress user and have tried sql injection on joomla. Have run nikto,nmap,dirbuster,uniscan
maybe try cewl?
@ksstone said:
Any hints for initial access. Enumerated all web ports with multiple tools. Can’t find access ways to wordpress or joomla? Have a wordpress user and have tried sql injection on joomla. Have run nikto,nmap,dirbuster,uniscan
keep on, you have good method
@peek said:
keep on, you have good method
I’ve tried all those too ! But didn’t go any further Any hints?
I’m trying to get user but I’ve gotten into some places already, as others said, enumerate - don’t try and find hashes or anything in particular, just enumerate.
i found sth but cant get any further:
! i now can read the post titles with the plugin - i guess i have to sql inject but cant get it to work - am I on the right path?