Official Gofer Discussion

Tip for User:
When you think you need to go over something, look for ways around it instead of confronting it head on.

You missed it, linpeas again

You can find in with linpeas

You don’t need any creds for that subdomain

gobuster failed also here, use wfuff and you will find it

The foothold via the m**ro is working? I don’t know where is my error. I already reset the machine 4 times and regenerated my vpn

The right path to a foothold is in the mail :slight_smile:

Yes I know. Now it’s working. I was creating the m**ro in the wrong place.

Then you made the same mistake as I did :slight_smile:

1 Like

This box was fun. Especially the final escalation.

2 Likes

I can fetch files from my local http server via the subdomain. However I am stuck on how to use this to access the filtered port and do my attack :frowning: Any help/hint will be appreciated …

Can someone PM me? need help on bypassing subdomain creds

Hey! Any hint of which subdomain list should I use? Did not find anything yet…

Any list will work. Common one? Above nudges are sufficient, try wfuzz-ing.

Would be great if someone could nudge me a bit with the foothold. I can get the payload where I want to (at least I think so), but I just can’t get it to fire… Mostly I’m also interested if there is a poc/something similar or if you crafted the payload from scratch

Feel free to DM.

1 Like

After much effort, I rooted this one, many new topics for me. I need to stop looking at the difficulty ratings on these machines or something because there were two pieces that I completely overlooked because I didn’t think they would be present on a hard rated machine. Need to find a way to figure out if there is an insane machine so I can avoid for now, otherwise, I should disregard level:)Can’t express enough gratitude to Onisec, Lim8en1 and pandas08s for the time they give for feedback.

Happy to help in DM if needed.

1 Like

I’m So stuck getting foothold/Shell
please any help will be great DM

You can DM me

Yeah, I´ve tried with every tool but no subdomain found… Don´t know what is going on :frowning: