Hello HYH,
When doing the HTB-LinkVortex machine, the file ‘ghost/core/test/regression/api/admin
/authentication.test.js’ no longer has the password ‘OctopiFociPilfer45’ as in your writeup. Any further ideas?
Hello HYH,
When doing the HTB-LinkVortex machine, the file 'ghost/core/test/regression/api/admin
/authentication.test.js' no longer has the password 'OctopiFociPilfer45' as in your writeup. Any further ideas?
Are you sure? I checked git-dumper results just right now, and the password still in there……
I think the way to get password hasn’t changed yet, maybe somewhere you did wrong
my terminal below
[root@kali] /home/kali/LinkVortex/gg/ghost/core/test/regression/api/admin (v5.58.0)
❯ cat authentication.test.js| grep ‘pass’
const password = ‘OctopiFociPilfer45’;
password,
await agent.loginAs(email, password);
password: ‘thisissupersafe’,
password: ‘thisissupersafe’,
Are you sure? I checked git-dumper results just right now, and the password still in there......
I think the way to get password hasn't changed yet, maybe somewhere you did wrong
my terminal below
[root@kali] /home/kali/LinkVortex/gg/ghost/core/test/regression/api/admin (v5.58.0)
❯ cat authentication.test.js| grep 'pass'
const password = 'OctopiFociPilfer45';
password,
await agent.loginAs(email, password);
password: 'thisissupersafe',
password: 'thisissupersafe',
Ki2is
Windows Chrome
8 天前
2025-1-14 2:29:43
Hi hyh, I’ve tried the GET /export/../../../../../var/www/backupapp.zip HTTP/1.1
Terminal command at yummy machine, but it did not work. It responds with an 403 Error
What’s the matter??
Hi hyh, I've tried the GET /export/../../../../../var/www/backupapp.zip HTTP/1.1
Terminal command at yummy machine, but it did not work. It responds with an 403 Error
What's the matter??
403 may be your session is out of date.Try to register another user? I didnt catch any 403, only 500 when I repeat the request a few times.These request should be sent only once,then you have to intercept a new one.
403 may be your session is out of date.Try to register another user? I didnt catch any 403, only 500 when I repeat the request a few times.These request should be sent only once,then you have to intercept a new one.
How did you know you had to use evil-winrm tool since ports 5985,5986 were not even open?
i had checked these ports before using evil-winrm. You can use Nmap -p 5985 to check them.
请问在 HTB-EscapeTwo 这篇帖子中 rose / KxEPkKe6R8su 密码组合是怎么得到的?我尝试过爆破、弱口令,但是效果不好
这是机器默认给的信息,在开机那里仔细看看
how did you know you had to use evil-winrm when the ports 5985 and 5986 were closed?
这几天在屯文章,后面会一并发表。。。都是关于 Windows AD 域的
love your site and things in it, thank you!!!
Hello HYH,
When doing the HTB-LinkVortex machine, the file ‘ghost/core/test/regression/api/admin
/authentication.test.js’ no longer has the password ‘OctopiFociPilfer45’ as in your writeup. Any further ideas?
Are you sure? I checked git-dumper results just right now, and the password still in there……
I think the way to get password hasn’t changed yet, maybe somewhere you did wrong
my terminal below
[root@kali] /home/kali/LinkVortex/gg/ghost/core/test/regression/api/admin (v5.58.0)
❯ cat authentication.test.js| grep ‘pass’
const password = ‘OctopiFociPilfer45’;
password,
await agent.loginAs(email, password);
password: ‘thisissupersafe’,
password: ‘thisissupersafe’,
Hi hyh, I’ve tried the GET /export/../../../../../var/www/backupapp.zip HTTP/1.1
Terminal command at yummy machine, but it did not work. It responds with an 403 Error
What’s the matter??
403 may be your session is out of date.Try to register another user? I didnt catch any 403, only 500 when I repeat the request a few times.These request should be sent only once,then you have to intercept a new one.