well, finally something XD
I have done web enumeration. But I have not got anything interesting. I found [Spoiler], but he does not answer me. I do [Spoiler]. What can I do?
all the info I found during enumeration is applicable only after having something extra… Am I missing something?
@AXANO said:
all the info I found during enumeration is applicable only after having something extra… Am I missing something?
You’re not missing anything, enumeration from what I understand will lead to getting the something extra. That is currently where I am stuck.
I have found 5 dirs, one I think may be the path if it’s an Apache server setup the way I’m thinking. Or, it’s a file with a specific ext in an unknown dir. Otherwise, I’m still searching and any hints without spoilers would be appreciated greatly.
Hi all, I’ve had a lot of fun getting my initial foothold on this box, however the time has come to ask for help with my “stager”. I have all the pieces in place, I just can’t seem to produce what’s needed. Can someone PM me and I’ll explain the part I’m stuck on?
@s1lence If with stager you mean the platform with the almighty M word, I didn’t use it.
As a good teacher of mine always told me, Google is your best friend. Just to let you know, the initial foothold may be a little bit more complicated than you think; if you managed to log in then forget the last sentence. Just follow a general approach for this box, you don’t need a “special” approach.
Happy holidays all. I’ve managed to login to the management interface and also I believe I have found a way to proceed further (finding a vulnerable element which I can access), but I’m a bit overwhelmed with the practicality of what I have to do. Specifically with how to execute the PoC example I have (struggling to get the encoding with their example). Any hints would be greatly appreciated.
I’ve slammed this box for 4 days straight with dirbuster/wfuzz and every wordlist I have. Not sure where else to go with it.
@GetTheGuru said:
Happy holidays all. I’ve managed to login to the management interface and also I believe I have found a way to proceed further (finding a vulnerable element which I can access), but I’m a bit overwhelmed with the practicality of what I have to do. Specifically with how to execute the PoC example I have (struggling to get the encoding with their example). Any hints would be greatly appreciated.
You’ve got to do everything one at a time. Slow down, read the PoC. You cannot use certain characters. But you can use as many commands in one request as you want. That should do it for ya.
@KevGar said:
I’ve slammed this box for 4 days straight with dirbuster/wfuzz and every wordlist I have. Not sure where else to go with it.
Keep slammin’ broski.
Hi all,
40 mins after a reset, I got root & user on this box, but I think this is rather a weird way to pwn the box… May I PM someone to discuss this please?
best wishes for coming celebrations
@likwidsec said:
You’ve got to do everything one at a time. Slow down, read the PoC. You cannot use certain characters. But you can use as many commands in one request as you want. That should do it for ya.
Thanks for your guidance. Since my comment I found that this version was vulnerable to an earlier exploit which was easier to take advantage of without the stager requirement, as it had more characters allowed. I still want to go back and debug because I do want the full staged reverse shell still, but at least I got that flag!
@GetTheGuru said:
Happy holidays all. I’ve managed to login to the management interface and also I believe I have found a way to proceed further (finding a vulnerable element which I can access), but I’m a bit overwhelmed with the practicality of what I have to do. Specifically with how to execute the PoC example I have (struggling to get the encoding with their example). Any hints would be greatly appreciated.
I’ve been on Sense for some days now and I wonder if I can find the login credentials with dirbusting or are they somewhere else in the source or jQuery? I did check jQuery but I might have missed something. I have found a couple of directories but could not find anything. I dirbusted for extensions: xml,php,html,py,pl but nothing was found. Any suggestions?
I just finished up Sense this morning but I would like to speak with someone else who has finished this box so that I can learn the more manual way for finishing it. Send me a DM if you want to discuss it.
I’ve been slamming at Sense for over a week now and except for some folders and a txt file…nothing worth mentioning.
I’ve used dirsearch, dirbuster and wfuzz in combo with the wordlists from seclists and /kali/wordlists. Also I tried the combo with folder brute force and extension list from seclists. Nothing.
What am I missing?
And please…I prefer no response over “brute force harder”
@N13manT said:
I’ve been slamming at Sense for over a week now and except for some folders and a txt file…nothing worth mentioning.
I’ve used dirsearch, dirbuster and wfuzz in combo with the wordlists from seclists and /kali/wordlists. Also I tried the combo with folder brute force and extension list from seclists. Nothing.
What am I missing?
And please…I prefer no response over “brute force harder”
You need to configure your scanner to look for other extensions, adding in the most common ones should turn up what you need.
@lowpriv said:
@N13manT said:
I’ve been slamming at Sense for over a week now and except for some folders and a txt file…nothing worth mentioning.
I’ve used dirsearch, dirbuster and wfuzz in combo with the wordlists from seclists and /kali/wordlists. Also I tried the combo with folder brute force and extension list from seclists. Nothing.
What am I missing?
And please…I prefer no response over “brute force harder”
You need to configure your scanner to look for other extensions, adding in the most common ones should turn up what you need.
using a customized wordlist with: asp,aspx,bat,bmp,cgi,conf,config,doc,docx,gif,htm,html,img,jar,jpeg,jpg,js,log,pdf,php,sh,text,tmp,txt,xml
still nothing
@N13manT said:
using a customized wordlist with: asp,aspx,bat,bmp,cgi,conf,config,doc,docx,gif,htm,html,img,jar,jpeg,jpg,js,log,pdf,php,sh,text,tmp,txt,xml
still nothing
Well in this case I’d say the issue is that you’re scanning for WAY too many extensions and also the customized wordlist probably doesn’t help things in this case either.
@lowpriv said:
@N13manT said:
using a customized wordlist with: asp,aspx,bat,bmp,cgi,conf,config,doc,docx,gif,htm,html,img,jar,jpeg,jpg,js,log,pdf,php,sh,text,tmp,txt,xml
still nothing
Well in this case I’d say the issue is that you’re scanning for WAY too many extensions and also the customized wordlist probably doesn’t help things in this case either.
only the extension list is customized…other wordlists are default from seclists and standard kali wordlists.
stuck in same boat… throwing every random wordlist I can find at it and coming up with nada.