Have two of the subdomains, help for getting the third is appreciated - feel free to dm
You need to "pre" - Fuzz it
Excuse me, I found a way to use it. Privilege Escalation via fail2ban - Research Blog
But I don't have any feedback. For example, reverse shell
Can you help me?
Thank you!
I have admin access to the pre-prod and have tried enumerating DNS and SMTP and tried DNS brute-force and not 100% sure where to go from there
I did the port enumeration with nmap -A -T4, I found one smtp port and another ISC BIND; I found some directories but I can't access it because of nginx blocking. I'm stuck on this part, could you give me some guidance?
Hello everyone.
I'm stuck.
Here is what I have tried:
-scanned all ports (TCP/UDP)
-search for users on smtp
-search subdomains and vhosts
-DNS zone transfers using the AXFR protocol
-listen to the traffic
-search for files with multiple extensions (also php3 PhP4 etc) and directories
-read source code
-check SSH banner
-verified requests and answers with burp
I don't know how to try harder anymore. Any advice?
Thanks a lot
I've enum'd users from smtp server and I've tried brute forcing passwords for ssh with usernames... I'm stuck
DM me
Maybe you missed a step as I do.
Don't forget the basic privesc enumeration.
Enumerate DNS service
Hi all, I'm currently stuck in subdomain fuzzing, I found the first one via DNS enumeration. I'm trying custom wordlists adding pre- at the beginning but not getting any OK for the second one.
Thank you in advance.
DM for any nudge
Rooted (finally).
Thanks for the hints @Nevuer!
I found Admin username and password but login fails for wrong credentials. I'm stuck
Finally rooted after 11 days, wasn't as hard as I thought it was going into it, especially since I'm still a noob imo:
Here's some help for those still struggling
Initial Foothold:
Enumeration is the way to go, just follow the hacktricks article step by step and eventually an interesting sub****** should pop up
User:
So you've got a subdomain, is that the last one? Sometimes subdomains you already have, might key you in to how the next one might look. And when it comes to a certain parameter, sometimes you have to get past filters to get what you want, perhaps the keys to the castle so to speak.
Root:
Once you're in, the first thing you should check is what you can do. It's fairly straightforward googling after that. If you're stuck, there's a John Hammond video where he uses the same technique to win. So maybe start there if you don't know what to do. Yes... it moves fast, so type fast, if you have everything set up in different terminal tabs you might be able to modify something before the box even has time to blink.
Hi all, I'm trying to resolve this machine, I've obtained the access of the web app but I'm stuck. I don't know what to do. (I've already enumerated the ports).
Hey all .
I've enumerated the subdomains, found pr*****-m*******g and pr*****-p*****l and L** vuln on one of the subdomains but I can't find any way to upload any file...
Don't know how to continue...
Google Payload All the Things and look at other services you enumerated with nmap. You shouldn't need to upload any files to get access.
Thanks, this actually worked for me
So I got user and root after several days of trying. Root was really straight forward, a little bit of added research helped to finally get it.
Is there a tool y'all use for subdomain stuff, or were you just yolo'ing names based on what you found already? That was probably the most useful hint for me in the discussion. After that it was really straight forward. Just trying to update my processes so in the future I know to do that first before hitting the thread.