Official Cerberus Discussion

That’s what I was thinking. Used FoxyProxy to set a SOCKS5 proxy on 1080 as per default port.

Something I am just F’ing the ■■■■ up and not sure what.

You have to use proxychains and add your 2 tunnels there. (/etc/proxychains.conf)
Then use proxychains firefox http://url:port
Without foxyproxy

Ah thanks for helping lolek. I think this last step is just outside my current skills. Might just wait for a walkthrough when one comes out.

hello please help

if you need help, feel free to ask and PM me.

So I still used the 1st proxy with chisel from Kali → Linux Machine
Then I used a rsocx proxy from Windows back to my Kali.

Then I was able to get to the login page by localhost, captured the SAML stuff and metasploit was my friend.

Done and dusted, wish I did this last week instead.

Thanks for the help lolek!

Congrats. No problem. I also pwned this box a few hours after it was closed. Doesn’t matter. The experience is the most :wink::+1:
Cya

use the one already on your linux machine /usr/lib/python3/dist-packages/twisted/test/server.pem

Otherwise the Windows host window is DC.cerberus.local and when I do a full port scan it returns only the WinRM port. Then what should be on the login page?? Help, I’m stuck.

What to forward, port or host or? Host with IP 172.16.22.1 opens only port WinRM. Honestly I’m confused, can you help me?

Hey guys, I need some help. Got stuck right after I got my shell. Could someone DM me please?

www-data@icinga or www-data@DC
Which is correct? Which is the default configured one?
(and I can’t reset the machine)

nmap via proxychains doesn’t work well

Any hints on getting PE in the icinga container to work? I’ve tried several C-versions and the firejail script in https://www.openwall.com/lists/oss-security/2022/06/08/10/1 but the C-versions just don’t work, and the python script hangs without any output. Running from /tmp if that matters…

Edit: Never mind. Finally realized that I needed a full terminal (x2).

The user flag on this one was the first time I’ve ever rated “too hard” :smiley:

It almost never does, try something like this:

nc -w 1 -znv 10.185.10.34 1-65535 2>&1 | grep succeeded

If specifying the ports in a range like this doesn’t work (it depends on the Unix-like environment), try replacing it with a loop:

for PORT in {20..65535}; do nc -w 1 -znv 10.185.10.34 $PORT 2>&1 | grep succeeded; done

thx
I’ll try

Ok, so I have a shell on the Windows box and think I need to exploit something that needs me to open a SOCKS tunnel. However, I do not seem to have permissions to use Chisel, and I can’t seem to get other proxy tools to work. Could someone DM me and possibly explain what I am doing wrong here?

Update: I eventually figured out my issues and was able to reach the internal site. Now I just need to figure out what I am screwing up with exploit options.

How did you get the shell on Windows?? Can you give me a hint? I’m stuck on Linux with root for two days :slight_smile:

chisel on Windows works for me (I don’t know why meterpreter portfwd won’t work)


from https://book.hacktricks.xyz/generic-methodologies-and-resources/tunneling-and-port-forwarding#nmap-tip