I think I know what binary to use from the last user to get access to the flag, but I’ve been staring at man pages and playing with the program for the past hour or two and can’t get anything other than ‘permission denied’ errors for the file I want access to.
can anyone explain to me why jxplorer is so ludicrously slow, while shelldap is lightning quick? I feel like part of it is that jxplorer is a gui, but that just can’t make that big of a difference.
Can anyone help? I’ve been stuck on this for days now, trying to get user. I have run tp while querying a million different things, have found the hashes, but nothing more than the output of the actual query. I’ve read the entire RFC and the documentation of all l and s* commands. Any nudge would be appreciated, this is driving me mad.
Rooted with good impression and experience.
Followed CEH methodology and CTF techniques that already studied with previous machines. The last step will make you smile.
Hint for root: Be brave! Go to root directly! Don’t care about permissions!
Seriously. The way to get the root flag doesn’t make any sense to me.
Why is that thingy able to do what it can do? There is another of that thing on the box which is no different and it cannot do that thing. The path /seems/ to be relevant. But moving an identical thing from a different place seems to make it not work?
If anyone is able to PM me and explain I will send you much respect!
Hello everyone! I am currently stuck on getting ldap2. I have run multiple captures with tcp while attacking ldap with NSE and JXand have combed through all of the captured ldap packets. I can see ldap2’s hash. I know I am not supposed to try to crack this hash and it is not a simple Pass The Hash attack from my understanding. I feel like I am overlooking something simple! What is the step I am missing for ldap2? Help me understand in depth please, I want to know what is going on, not just how to get ldap**2 thx!
Hello everyone! I am currently stuck on getting ldap2. I have run multiple captures with tcp while attacking ldap with NSE and JXand have combed through all of the captured ldap packets. I can see ldap2’s hash. I know I am not supposed to try to crack this hash and it is not a simple Pass The Hash attack from my understanding. I feel like I am overlooking something simple! What is the step I am missing for ldap2? Help me understand in depth please, I want to know what is going on, not just how to get ldap**2 thx!
If you have the right data, analyzing them on your device, you will find that the packet containing the ldap****2’s hash, is carrying an LDAP message, the BindRequest, the start of the authentication process. You can learn more by reading this The LDAP Bind Operation – LDAP.com or this https://ldapwiki.com/wiki/Bind%20Request
And yes, if you have the right data, you’re overlooking something simple!
Hello everyone! I am currently stuck on getting ldap2. I have run multiple captures with tcp while attacking ldap with NSE and JXand have combed through all of the captured ldap packets. I can see ldap2’s hash. I know I am not supposed to try to crack this hash and it is not a simple Pass The Hash attack from my understanding. I feel like I am overlooking something simple! What is the step I am missing for ldap2? Help me understand in depth please, I want to know what is going on, not just how to get ldap**2 thx!
If you have the right data, analyzing them on your device, you will find that the packet containing the ldap****2’s hash, is carrying an LDAP message, the BindRequest, the start of the authentication process. You can learn more by reading this The LDAP Bind Operation – LDAP.com or this https://ldapwiki.com/wiki/Bind%20Request
And yes, if you have the right data, you’re overlooking something simple!
Got user! Thanks for the help and resources! Now onto root.
ROOTED! This box was quite interesting and definitely taught me some stuff about LDAP that I didn’t know about. The unique attack vectors were a good change of pace. If anyone needs help feel free to PM me!
I am working on Lightweight, but I am stuck in the initial step. I have the low priv ssh access using my IP. I have two has from the usual np l**p enumeration. I am trying to run tc***p on 389 but I hear nothing. Can you please give me a nudge if possible?