Official Runner Discussion

Okay bro got it.

Finally pwned, follow the clues above for user flag and create a container exploiting a vul to root flag.
Send me a message if you need help

1 Like

I’ve sent you a message!

what do you say with that

Hello guys, hope you’re all fine.
I began working on Runner but got stuck at enumeration with gobuster.
I read about gobuster in vhost mode, despite several scans and DNS and vhost, no results. I then read that a personalized wordlist would be consistent here but I don’t understand what to base it on, no conclusive results in the little enumeration that we can do, and no additional information on the web server. A little hint or an explanation on wordlist customization?

If you have the Seclist wordlists, check out some of the DNS wordlists
Seclists > Discovery > DNS > pick a couple to scan with if you get nothing on your first scan. I checked a couple and they have what you need.

It would be good to go back with CEWL afterwards, if only to get familiar with the tool.

Thanks, I’ve a little question. I know what I have to find and it’s in some of these wordlists, but gobuster doesn’t find them. I tested in vhost mode and in dns mode, but I tried to increase threads because it’s very long; can it be a problem for findings?
Ty

I used gobuster vhost too. Try adding the --append-domain flag and I went at 50 threads -t 50. gobuster vhost -u http://example.com/ -w wordlist.txt --no-error -t 50 --append-domain
You could also try with one of these if you can’t get vhost to work:

There are probably other ways to search but I used gobuster vhost with a seclist dns wordlist. You’ll get it if you’re persistent.

2 Likes

Hmm. Please DM me about this and show me the command you’re using.
When I did this part, the scan only took a minute or two - so there might be something wrong. Get in touch and I’ll try to help clarify

1 Like

Thanks! Got it, big thanks for your help. Going through now.

1 Like

Thank you, that’s ok, I’ll be fine, I’m learning. I added --append-domains and it worked, I searched about it and understood. Thank you.

How can I find the password for matthew? Can someone help?

I was able to retrieve matthew’s password, but it seems not to be working currently, try to find out another way

Can someone help me with the root?

Fun box. Foothold wasn’t too bad (just do some research once you find the page) but it took me a while to find what I needed for user, didn’t check the right places. Not sure about root though… LinPEAS doesn’t seem to have found much of interest, and I’ve not seen any interesting files.

You prob need to re look at what “LinPEAS” gave you. Look properly. And maybe letter-by-letter.

Can anybody nudge me for the foothold? Is there anything to do the tc version?

1 Like

is d***** a rabbit hole?

Hello Guys,
I tried to upload some tools but they’ve been deleted immediately.
Did you have the same problem?

Thanks, regards

Hello guys, I’m stuck trying to get the root flag. I believe I’m very close, but I’m missing something. I’ve already created a c********, but I can’t access it through d*****. When I try to connect, I keep getting ‘permission denied’.