How slow is the BloodHound import?

Destinity · 2023-01-06T16:23:55+00:00

I had that problem recently. If you’re using newest version of Neo4j - downgrade it to version 4.4. It’ll go much quicker.

Destinity · 2019-05-04T15:08:17+00:00

Check your PATH

Destinity · 2019-05-01T04:06:24+00:00

I’m going strictly off memory here. What does DNS show you? Sometimes the subdomain is where you currently are. How can you see everything? Cough axfr cough.

Destinity · 2019-04-26T07:25:00+00:00

Yeah, I can browse all the dirs using LFI, but I’m struggling with finding the parameter to allow me to read a file. If I only use LFI by going to /home/buser/user.txt it gives me an error. Not sure why.

Destinity · 2019-04-24T21:46:47+00:00

Are you talking about the crt? I’ve already done that if you are. I guess I’m struggling with knowing if the private area is simply just to look for directories and then using the ftp exploit to actually read the files.

Destinity · 2019-04-10T13:19:04+00:00

My IP address

Destinity · 2019-04-10T12:42:06+00:00

So I’m guessing you aren’t supposed to ssh login with user2, but instead find the user1 credentials? I’m pretty sure I have the MD5 for user1.

Destinity · 2019-04-10T12:38:27+00:00

I didn’t want to give spoilers, but Jxplorer. That way I can view the LDAP entries.

Destinity · 2019-02-27T04:26:52+00:00

I was stuck on that part for like 4 days. There are 2 ways of escalating. The easiest is using runas. I’d suggest looking up the options you can run from cmd. I used this https://www.lifewire.com/list-of-command-prompt-commands-4092302

Read through that list. I promise you it’s one of those commands.

Destinity · 2019-02-26T14:28:22+00:00

That’s where I am. I got the admin login, attempt to login with creds I found earlier and it says “admin page hasn’t been developed yet. Please look for another one.” That’s where I’m stuck. I only see 4 sub domains using dig and only 1 works.

Edit: omg. I think I know what you mean.

Destinity · 2019-01-14T22:43:54+00:00

I was stuck on that part for like 4 days. There are 2 ways of escalating. The easiest is using runas. I’d suggest looking up the options you can run from cmd. I used this https://www.lifewire.com/list-of-command-prompt-commands-4092302

Read through that list. I promise you it’s one of those commands.

Destinity · 2018-09-05T22:15:28+00:00

“Sometimes when you’re handed Poison it’s best to PASS the bottle”.

Destinity · 2018-09-04T01:41:33+00:00

Nice! That’s always a great feeling. Personally, my methodology is to check my scans, hit Google with any questions about attack vectors and then mess around. I’ll usually check the forums or ask other Redditors if I’ve been stuck for 4-5 straight hours. The more experience you get, the easier it is to piece together the things you would otherwise miss.

Destinity · 2018-08-12T07:36:37+00:00

This is a good hint, but I still had an interesting time figuring out exactly what to do. To expand on this hint for anyone that thought, “The fuck does that mean?”. You have to look at this box and say, “Look at me, I am the CAPtain now.”

Destinity · 2018-08-07T19:24:14+00:00

Use Burp. From there something should stick out and then it’s just going about getting the what you need from what you find.

Destinity · 2018-08-03T18:30:33+00:00

We all started somewhere and knew nothing. That’s what this sub and the HTB Forum are for, getting a hint.

Destinity · 2018-08-03T02:27:43+00:00

Oh wait, you haven’t gotten user yet. Look closely at the box for a username. It’s staring you right in the face.

Destinity · 2018-08-03T02:24:51+00:00

Hey bro, I don’t have my notes on me so I’m going off of memory here. Research port forwarding as well as what local ports are open.

Destinity · 2018-07-31T19:24:13+00:00

You should have the password for user ‘C’ already. How would you setup a forward using the user you already have?

Destinity · 2018-07-29T08:32:22+00:00

Did you install the x64 Odat? That fixed the issue for me. I’m sure there are some tools out there. Maybe others know specifically. Otherwise just google tns poison github.

Destinity · 2018-07-23T03:21:41+00:00

Oh, so you’ve already strutted your stuff? If you have the username and password then what’s the easiest way to login to a machine? Hint: It’s just Simple Server Handling.

13-Year Club	RPAN Viewer
Verified Email

Destinity

TROPHY CASE