Tally (need a little nudge)

Hi, I have enumerated the webservice with several tools and have obtained the password from the document, but am unable to find the username. I have tried manipulating the url and using common urls to the application running. Am I going in the right direction spending more time enumerating the web application or have I found myself in a rabbit hole? Any advice would be appreciated.

Thanks

@richeze said:
Hi, I have enumerated the webservice with several tools and have obtained the password from the document, but am unable to find the username. I have tried manipulating the url and using common urls to the application running. Am I going in the right direction spending more time enumerating the web application or have I found myself in a rabbit hole? Any advice would be appreciated.

Thanks

the username is written somewhere, read carefully

Thanks. not seen it yet, but will look harder!

Heyall, working on that one since some time… Enumerated a lot, got some good from SP, although, can’t seem to move further… Little nudge would be cool… Thanks folks!

@obwanken00by & @richeze,

PM with what you’ve done so far. I don’t want to give too much away, so I want to make sure I know which part you’re having trouble with.

Heya all, a slight nodge on privsec ?? Thanks

Can anyone PM me so I can bounce what I’ve done so far? I have achieved the user flag without gaining a shell but have attempted multiple methods of getting a shell and failed so far.

FYI update - I achieved shell after looking at the method I was attempting. I had the wrong IP set for my callback. Once fixed, shell achieved! Thank you to those who messaged me.

Hello Guys !
I need help to find the username… I’ve looked harder… in source code, doc properties, etc., but no result …
Any hint plz ?
Thanks

Any hint to find username for ftp. Or any other attack vector.

im sure you can find ftp user. change your tools. if you still cannot find. maybe you should try your chance.

Up ! Any hint to find username for ftp…

Ok done … but so craaaaazy … :slight_smile:

I’ve got user on the machine, but I’m a bit lost for the privesc. This machine seems to have quite a few rabbit holes to play with :joy:, so I’m not even sure anymore if I am in the right place, or if I’m in another rabbit hole. I’ve played with a few ideas for privesc but could someone give me a nudge in the right direction. :sleepy:

Nvm, I think I got it

I am in the same state as most of you I cannot find the username even after I have searched everything and dived into making SOAP requests.

@Lyes said:
Ok done … but so craaaaazy … :slight_smile:

wanna lend a nudge in PM, ive been at it for hours can explain further in pm

Anyone offer some advice regarding priv esc on this one without metaspoloit if possible. Tried a number of methods but still stuck as user. Thanks

Need to find user after ftp password, I’ve tried fuzzlists for general SP urls to no avail. Can see a redirect but not sure what to do with it. Any hint.

I would really appreciate a little hint for priv esc. Just a little pointer in the right direction would be awesome .