Hi,
It took me a long time to get to this point and for the past week or two, I feel like I have this tunnel vision when you miss something obvious that is next to you. What I have is:
- plaintext password of a user with remote login capabilities
- hash of machine account of DC01$
- access to the application via port forwarding with chisel
I see very different attack venues:
- Application (linux ubuntu client) is behaving oddly on the desktop - when I log in as a user, I can see for a brief moment that there are additional options visible, that later disappear. Since it's nodeJS (I think), it should be fairly easy to make them visible and upload files with no restrictions
- There are some vulnerabilities which could be golden in this particular case, for the specific libraries used on the box (I'm talking about LFI)
- More fun with responder - but I don't have any particular idea on how to force the box to send me anything more than the DC01$ hash. Forcing the applications on the box to authenticate could be fruitful.
One particular problem I have is that this box (at this stage, I mean already have more than a decent foothold) just begs for a client-side attack, but I've tried things like sending links, UNC path, dropping connectors etc, and nothing works so I gave up with this path.
I'd really appreciate pointing me in the right direction since I spent an awful lot of time on this box and I just hate to be stuck like this.
One thing that helped me is using the windows version of the client. … don't try wine lo! I think someone recommended a windows machine earlier in here, and that worked for me. Hopefully you'll see more and things will open up a bit for you, there's some fun stuff ahead.
I must have missed something earlier though, since I didn't get the dc01$ hash!
I've managed to use a key and read a log and acquired a secret. I read something that seemed to be an invitation to do something with a little brutish force-y - although I'm doubting that's the way now… Played with the calendar as well but that didn't seem fruitful.
I know what you're talking about with the "secret". I've been stuck mucking around with the calendar for a while now. I'm not sure what my options are now other than brute forcing something.
I took a bit of a break. I'm in the same place. Is there more to see in the O.Messenger app as the O.M user apart from the conversation segment and scheduled things? I may have to give in and join the discord - honestly have been avoiding it a bit just for the pleasure of hitting my head against a wall. So far I have ruled out brute forcing after a few dozen lists and hopefully not annoying anything server wise; the calendar, unless I could schedule something as a certain higher privileged user, seemed to be a dead end to me too.