Long story short: After accepting a bounty and breaking into an address (login.spartantitans.com) using Foxacid and connecting via Turbine C2 Registry, I am trying to find out what to do next. WMI Netscan will not go through with a "VPN Connection Denied" and Aircrack comes up with nothing. I cannot seem to find any other subdomains that I can connect to. Is the Netscan response a bug? Or are there just many other options that I am not thinking of? I have completed the first mission and Academy Missions as well, if I have other options I would appreciate advice. Thanks.
To expand on what Phaid said, Basic rundown of what to do after establishing a VPN connection: Check their folders Check for cell phones Check the websites they're visiting, etc (MITM) sfuzz any related vpn networks for new vulnerable subdomains.
-i is used to filter out all external networks (AKA the ones youve already seen before entering the network), so itll only show you "new" subdomains (subdomains that are only accessible when being connected to that vpn)
^, many servers do not communicate outside their intranet. once you find a vulnerability and get inside, it's usually worth running sfuzzer {domain} -i -t 60 to find any additional servers that weren't accessible from the wider net. -i isn't documented anywhere, but it works.
