Hi guys, im new… Can someone give me an hint on how to find the password for the user G******* for the login form on the m***** directory?
EDIT: i got it XD
I have managed to get a reverse shell but struggling to escalate to G*** user. Have enumerated and looked at all running processes etc but nothing stands out. Any hints?
EDITED: Maybe not enough enumeration !!! Now G*** user and working on root
Anyone able to give a hint to escalating to user from svc account? I have enumerated everything I can think of
EDITED: Got it… Hated it… Not a fan
@mut8nt said:
Anyone able to give a hint to escalating to user from svc account? I have enumerated everything I can think of
same boat
EDIT: got it
Try enumerating all the running services that could be useful.
Hi friends please someone help for teacher box i am stuck i got reverse shell
help me guys through PM
@Saranraja said:
Hi friends please someone help for teacher box i am stuck i got reverse shell
help me guys through PM
Everything you need is already in this thread. I refuse to help someone who’s too lazy to read the thread. The only hint you need right now is literally the last post before yours.
@Sh11td0wn said:
Try enumerating all the running services that could be useful.
Finally got it. It took much longer than I thought it would to get user but learned a bunch in the process. Root was straightforward.
Rooted last week, but really good box, good start for people who have absolutely no clue what they’re doing. lol, by that i mean it’ll teach you the right mindframe, and for people who have never done something like this it’ll force them to learn how to craft better searches 
Got this box with some help (I was to stupid to look at the right places) and as many said, learned something new. Now the question is, how would you go about scripting this. I know I can use curl or python for the request. But I would be happy if someone could share specifics (handling return data, handling session tokens/ cookies), tools (libraries) or experiences. Perhaps someone has a working script to share. I am open to PMs.
Hi all, I am new and need help. I have dirb the website, found a few directories
and cannot find the password for G******. Please help!!!PM me. Thanks
Looking for a nudge here. I’ve been able to find some credentials, but looking for an avenue of where to enter them. I’ve tried to enumerate for this avenue based via multiple directory busting applications and word lists, along with more aggressive port scanning, but I only come up with the standard web server port. I have also crawled through the web page to build a word list, but passing said word list did not provide with anything different. I was able to reset this machine the other night and rescanned, but got nothing differently.
Any nudge on where to check next outside of directory busting and port scanning?
Edit: Thanks for the help on proper tool usage @Skunkfoot
I seem to be stuck with a different issue that I’ve not seen anyone else mention in this thread.
In getting the initial foothold I’ve found the G******* User and the needle in a haystack Password hint. I’ve created a word list with all possible variations and tried both Hydra and Burp Intruder attacks against the Login form for m*****, I realised that something was going on as part of the login process and so made sure i followed that but still no combination seems to work and grant access.
Have i missed something completely or am i just doing it wrong? If anyone would like to message me to confirm or push me back in the right direction, it’d be much appreciated!
Thanks
@XsecSploit said:
I seem to be stuck with a different issue that I’ve not seen anyone else mention in this thread.In getting the initial foothold I’ve found the G******* User and the needle in a haystack Password hint. I’ve created a word list with all possible variations and tried both Hydra and Burp Intruder attacks against the Login form for m*****, I realised that something was going on as part of the login process and so made sure i followed that but still no combination seems to work and grant access.
Have i missed something completely or am i just doing it wrong? If anyone would like to message me to confirm or push me back in the right direction, it’d be much appreciated!Thanks
You can PM me, but I bet your Hydra command is probably not quite right
Make sure you’re indeed covering all the possible variations - not just lowercase letters and digits.
I’m trying to be evil, but I can’t seem to get it right. If someone can help me with syntax , it would be appreciated.
finally GOT IT!
I’m at the RCE part on the website. I found a great video on the steps to go through to set up the exploit, and I understand the overall point, but I can’t get my command to execute. I don’t understand how they got the malicious pay-load in the video. I can’t replicate it to theirs, even with encoding my payload in different formats. Could someone PM some advice on how to get this working? I’m so close I can taste it!
Start simple, focus on getting the syntax right for simple commands, then work your way up from there. All you need is RCE, don’t worry about trying to get a reverse shell
I stuck with initial foothold, I use moodle’s github project’s path to enumerate the file and find out which file is not official, but i can’t find anything interesting after all. Am i missing something ?
EDITED:
solved~
hint: focus on the page error.If still no idea ,spider file(all type) and grep it is a good idea.
thank @jkr
Rooted