Official StreamIO Discussion

Official discussion thread for StreamIO. Please do not post any spoilers or big hints.

Hello,

Any hints about where to look to begin this machine, Thanks

gnt48 - could you message me about how you found the users

I have basically nothing after several hours

Try to enum entire webpage. Check ssl-certificate. There is something hidden.

Can’t find path to user.

I get foothold and some credentials but i can’t find the file i want.

a nudge is welcome :slight_smile:

Did you already get a shell? Did you find credentials for the da****** as d*_a****?

I didn’t get shell yet.

But got the credential for d*_a****.

You can find an e*** in one p** file.

thanks

should i guess another vhost’s folder or that p** file locates in the same webapp?

hey could I message you about user? I have a few credentials, but I’ve reached an impass

can anyone confirm the SQLI is a dead end?

This poor machine keeps freezing on me. Guess it’s the new hotness.

need help on foooothold!!!
got somethin in cert

i get LAPS Password but is not working can someone send me a tip ?

i made it rooted: great machine

@binho1337 can I ask you a question about user?

sure, dm me :smiley:

it wont let me for some reason

I rooted the machine. For me, foothold was the hardest part.

Some hints:

Foothold: Enum the entire page. You will find some “hidden” pages/domains. One have a common vuln for getting creds. Using these creds, you can login and try another attack path for getting reverse shell.
User: PortForwading is the key.
Root: AD enum to find the desired goal.

1 Like

Hi ! I try to find user…For that i use a tool from im… but i get an error message…I would like to know what i do wrong. Could someone help me?

Hello @mhendel send me a DM with print screen with error and i will try help you