Thanks for your help…I found my problem…it was not the tool, it was me 
1 Like
foothold: web enum, needle the data storage (long, slow), play hide & seek of a term and a page, dangerous code, understand the code logic, rce
pe: winp*** enum, check the data storage(s), dump a secret, blazing animal has some secrets in a messed up order, need a big dog to sniff out how people work in groups in the environment, one group is special
2 Likes
Can you DM me a hint on the web enum?
Could use some help on foothold. Found some sites/domains. Tried everything i can think of. Been stuck for days and not sure if im in the right place
I’ve played with the certificate and see the renegotiation, but I’m not sure if I’m looking in the right place. I can’t get anything from LDAP, Kerberos, and LDAP injections…
Can someone give me a nudge in the right direction?
I’ve enum’d the VHOSTs, directories, and DNS and found the w**** and some A** directories I get access denied to.
Having a difficult time seeing the foothold.
Also having a tough time finding the foothold. Have found the usual things everyone has mentioned above like the w**** and s**** page but can’t move past this point. Box feels like it has a few rabbit holes to point you in the wrong direction.
Interested in hearing any tips you could share.
edit - found something. will keep digging for a bit.
I am still stuck but I did get past the first step on the foothold. A hint would be your standard tools will not work. Look at the other hints and you can probably figure it out. If not DM and I will try to help. I have had to do a lot of reading about this first step.
(post deleted by author)
I got creds for j*****, which I have confirmed are valid but I can’t run any commands as this user (no remoting allowed)
I want to add n***** to c*** s****
Am I on the right track?
Edit: I got a bit further. Turns out my command was OK, the problem was my shell.
Rooted! Was pretty straight forward once I fixed the issue above
stuck again. got into the admin area using an account starting with y but can’t spot anything useful. any tips or tricks via pm would be amazing.
alright back on track now - that was a fluke
Is S** inj****** the right way?
EDIT: I can get a NT**v2 hash ticket via it, but how to proceed? Cant crack it.
I’m also stuck and could use a nudge if somebody can DM me. I’m able to login to the web site and get to the a**** page and identified the s*** there and am able to get a machine h*** but cannot crack it and just seem to hit a wall.
there’s more than s*** on the the a**** page. try FUZZ it.
stuck on p**t f*****d. find nothing interest except the obvious one, which gives no more than S**i (the NT**v2 hash)
Hey Guys, Can I get a DM / Nudge on the initial Foothold? I’m not coming up with anything from Enumeration apart from a vulnerable login page but stuck here.
be patient with the vulnerable login
then seclists and ffuf/wfuzz will be your friend
Got root.
1 Like
Foothold:
- Simple Web Enumeration will lead to Vul pages, Do that page some injections, again vul pages and fuzzing and Get RCE.
User:
- Use what you got from Enumeration, you just need to take a detour.
Root:
- Peas and a large dog can help you hunt the Admin
m stuck at initial enum. Have found s** i****** on L**** page… unable to automate it to exploit further. Any pointers?
Hey @mint, Welcome to the Forum.
I’ll send you a DM
1 Like