Tally (need a little nudge)

I was able to find the FTP info (hostname, workgroup, and password) but have not had any luck in logging in. Am I on the right path or am I way off base?

You're on the right path, you're missing some info; enum, enum, enum

I’m thinking that I’m missing the username (from SharePoint), but not having any luck.

Look at typical SharePoint attack URLs, there are a few resources from other testers/hackers on GitHub.
One or two should prove fruitful.

I’ve tried sparty and spscan. I’ve found some of the URLs, but haven’t been able to do anything with them (e.g. trying to post SOAP commands or enum users all require authentication).

The URL is a little mangled for some reason, try them manually.

Do you mean the URLs returned by sparty/spscan, or the ones within the SOAP POST requests?

When you put the URL in the address bar, Tally mangles them via a redirect? You have to re-type them manually, then you’ll find some pages with info that are useful to further attack Tally. I haven’t bothered with the SOAP.

Hello all,
The information on this forum is very useful, so first thanks for this. I kept investigating some rabbit hole before I read your posts.
I’m stuck at the same point as glasgow…
I tried several times to enumerate further with various lists, and also tried to adjust/change the lists to adapt them to this particular case. Could someone lead me to some useful hint/resource please?
I’m really stuck now. Thanks for all.

I feel like such a moron. I was looking right at this before I found the FTP details. As wolverine called out, watch for places where the site redirects you (it adds something to the URL and displays the homepage). If you see that happen, try adjusting the URL manually.

Hmm, I am stuck on finding the user. I have found the FTP stuff. I have found another directory but it is not giving me much. Can someone PM me a tip?

After collecting several credentials I tried them with the exposed DB service but none of them work. Any hint, or am I going the wrong way?

Can anybody throw me a PM on this? I have searched high and low. :frowning:

@ipatchcables said:
Can anybody throw me a PM on this? I have searched high and low. :frowning:

Send me a message :wink:

Guys, who can give a hint? I’ve got access to FTP, got creds to SMB and found old creds for DB and creds from a password-protected zip. The problem is that I can’t connect with them to the DB.

Maybe something with SMB.

Tips on priv esc?

@ipatchcables, if you’re still stuck on priv esc, send me a PM with what you’ve done so far and what info you’ve gathered. I don’t want to spoil it for anyone who hasn’t gotten as far as you. That would be a rotten thing to do.

@peek; was it a nudge for beginner2010? 'Cause I’m stuck at the same stage :slight_smile:

@Yavellion said:
@peek ; was it a nudge for beginner2010? 'cause I’m stuck at same stage :slight_smile:

Write me a private message, I don’t know which step you are at?