I was able to gain a foothold but i was not able to find the a-p page for login with a tool like dirbuster. I just lucked out with manual trying so could someone suggest a proper enum command to find that kind a thing in the future ? Also dirb just gives a lot of erros so i think i need a better toolset. Thanks
I think, if you mean the page I think you mean, the simple answer is down to wordlists - there isnāt a right or wrong one - you just need to try different ones.
Its also worth combining directory enumeration tools with web application scanners like Nikto.
So, I managed to get a www-**** shell and also found some creds (s***** and GkE*********1), but Iām not finding out where to use them (I tried s and "s* - "). I only managed to get on my, but this doesnāt seem to help me. Could someone give me a nudge please?
I am at the same place, can you/anyone give me a nudge?
So, I managed to get a www-**** shell and also found some creds (s***** and GkE*********1), but Iām not finding out where to use them (I tried s and "s* - "). I only managed to get on my, but this doesnāt seem to help me. Could someone give me a nudge please?
I am at the same place, can you/anyone give me a nudge?
I suspect youāve looked in the wrong places. Have a look closer to where you landed.
I have found an exploit for the machine but i donāt get session anyone can tell me what I am doing wrong. Exploit: msf **** base64 app key *lara (I hope I didnāt gave extra hint)
I have found an exploit for the machine but i donāt get session anyone can tell me what I am doing wrong. Exploit: msf **** base64 app key *lara (I hope I didnāt gave extra hint)
Try without the part before the : ( in the app key section also no : )
I have found an exploit for the machine but i donāt get session anyone can tell me what I am doing wrong. Exploit: msf **** base64 app key *lara (I hope I didnāt gave extra hint)
Anyone have any hints on getting a foothold? Iāve found d**-st****-.a****.com but not sure what to exploit to start attacking
Edit: Thanks @TazWake was relatively straightforward after landing the beachhead. Enjoyed the lateral movement then a straightforward privesc for root.
Initial foothold - donāt look closely look deeper
donāt frustrate if not getting anything just start againā¦
user- look wildly,again ā¦
root - root is easy
thanks for amazing box @egre55 , @mrb3n
need help ping me on twitter @saims0n
Hi! I need a little kick for foothold.
I successfully registered a new user after changing the r***d but I nothing works beyond that point; I cant get hold of any admin pages I found using the creds from the registered user. A little kick pls.
Hi! I need a little kick for foothold.
I successfully registered a new user after changing the r***d but I nothing works beyond that point; I cant get hold of any admin pages I found using the creds from the registered user. A little kick pls.