Hi, I have enumerated the webservice with several tools and have obtained the password from the document, but am unable to find the username. I have tried manipulating the url and using common urls to the application running. Am I going in the right direction spending more time enumerating the web application or have I found myself in a rabbit hole? Any advice would be appreciated.
@richeze said:
Hi, I have enumerated the webservice with several tools and have obtained the password from the document, but am unable to find the username. I have tried manipulating the url and using common urls to the application running. Am I going in the right direction spending more time enumerating the web application or have I found myself in a rabbit hole? Any advice would be appreciated.
Heyall, working on that one since some time… Enumerated a lot, got some good from SP, although, can’t seem to move further… Little nudge would be cool… Thanks folks!
Can anyone PM me so I can bounce what I’ve done so far? I have achieved the user flag without gaining a shell but have attempted multiple methods of getting a shell and failed so far.
FYI update - I achieved shell after looking at the method I was attempting. I had the wrong IP set for my callback. Once fixed, shell achieved! Thank you to those who messaged me.
I’ve got user on the machine, but I’m a bit lost for the privesc. This machine seems to have quite a few rabbit holes to play with , so I’m not even sure anymore if I am in the right place, or if I’m in another rabbit hole. I’ve played with a few ideas for privesc but could someone give me a nudge in the right direction.
Need to find user after ftp password, I’ve tried fuzzlists for general SP urls to no avail. Can see a redirect but not sure what to do with it. Any hint.