did you proxy metasploit?
I managed to pwned it.
where can i get username and password for exploit?
Got root on webserver but stuck now, someone with a nudge to go further so I can get a cmd of the user in Windows?
Hello , i found a script to PE from firejail but when i sudo su - (after ⌠--join ) , the system says that i am not in the list of sudoers .
Donât use sudo 
Rooted
oh , yes , sometimes it s so simple that i even try it XD
for the exploit RCE , do i need username and password, if so what file on the server has it?
I stuck at very first
1 Like
i am in same problem ,how to get username and password for the web?
yes you need one . search on the web for the config files of icinga and you will find it with the lfi you should allready found.
i found a ticket , got the hash but no way to connect with evil-winrm on the windows box with the machine account found in the ticket or with the only known user on the linux box ⌠is there an other account to found on the linux box ?
Do you have direct access to the windows box?
yes now , i am in . Not directly (evil-winrm through chisel ) . But i have to dig into the windows box now
1 Like
After the exploit and join, did you try sudo in a different terminal?
I have the hashes from the shadow file after getting root on the second exploit (or third), but canât get John to crack them. I used âformat=crypt and the 10 million list after Rock You wasnât working.
you canât crack this one , i think it is too complex . you have to go out this first box flags are not on the linux box.A linux can join an active directory tooâŚ
I thought I needed the credentials to get to the Windows box; using chisel. Or maybe evil-winrm but I would think that wouldnât work to the 172 address of the DC.
I found the correct hash⌠it was stored in the cache. Cracked it in minutes. Will look into next step tomorrow or next day. Work, so this happens on the side.
1 Like
just got the user⌠pheww⌠that took alot out of me⌠