Official StreamIO Discussion

I rooted the machine. For me, foothold was the hardest part.

Some hints:

Foothold: Enum the entire page. You will find some “hidden” pages/domains. One have a common vuln for getting creds. Using these creds, you can login and try another attack path for getting reverse shell.
User: PortForwading is the key.
Root: AD enum to find the desired goal.

Hi ! I try to find user…For that i use a tool from im… but i get an error message…I would like to know what i do wrong. Could someone help me?

Hello @mhendel send me a DM with print screen with error and i will try help you

Thanks for your help…I found my problem…it was not the tool, it was me :wink:

1 Like

foothold: web enum, needle the data storage (long, slow), play hide & seek of a term and a page, dangerous code, understand the code logic, rce
pe: winp*** enum, check the data storage(s), dump a secret, blazing animal has some secrets in a messed up order, need a big dog to sniff out how people work in groups in the environment, one group is special


Can you DM me a hint on the web enum?

Could use some help on foothold. Found some sites/domains. Tried everything i can think of. Been stuck for days and not sure if im in the right place

I’ve played with the certificate and see the renegotiation, but I’m not sure if I’m looking in the right place. I can’t get anything from LDAP, Kerberos, and LDAP injections…

Can someone give me a nudge in the right direction?

I’ve enum’d the VHOSTs, directories, and DNS and found the w**** and some A** directories I get access denied to.

Having a difficult time seeing the foothold.

Also having a tough time finding the foothold. Have found the usual things everyone has mentioned above like the w**** and s**** page but can’t move past this point. Box feels like it has a few rabbit holes to point you in the wrong direction.

Interested in hearing any tips you could share.

edit - found something. will keep digging for a bit.

I am still stuck but I did get past the first step on the foothold. A hint would be your standard tools will not work. Look at the other hints and you can probably figure it out. If not DM and I will try to help. I have had to do a lot of reading about this first step.

(post deleted by author)

I got creds for j*****, which I have confirmed are valid but I can’t run any commands as this user (no remoting allowed)

I want to add n***** to c*** s****

Am I on the right track?

Edit: I got a bit further. Turns out my command was OK, the problem was my shell.
Rooted! Was pretty straight forward once I fixed the issue above

stuck again. got into the admin area using an account starting with y but can’t spot anything useful. any tips or tricks via pm would be amazing.

alright back on track now - that was a fluke

Is S** inj****** the right way?
EDIT: I can get a NT**v2 hash ticket via it, but how to proceed? Cant crack it.

I’m also stuck and could use a nudge if somebody can DM me. I’m able to login to the web site and get to the a**** page and identified the s*** there and am able to get a machine h*** but cannot crack it and just seem to hit a wall.

there’s more than s*** on the the a**** page. try FUZZ it.

stuck on p**t f*****d. find nothing interest except the obvious one, which gives no more than S**i (the NT**v2 hash)

Hey Guys, Can I get a DM / Nudge on the initial Foothold? I’m not coming up with anything from Enumeration apart from a vulnerable login page but stuck here.

be patient with the vulnerable login

then seclists and ffuf/wfuzz will be your friend

Got root.

1 Like