SEC-9

Discussion in 'Missions Center' started by alphabravo, Nov 9, 2018.

  1. alphabravo

    alphabravo New Agent

    I have done a OSINT and SFUZZER scan found the data. domain but can find anything thing else any tips?
     
  2. Nioreh

    Nioreh Active Agent

    Same problem here!
    Any nudges?
     
  3. Enoch52

    Enoch52 Active Agent

    I'm assuming both the provided intel and objective are encrypted in some way?

    EDIT: never mind...it didn't fully decrypt when I opened the bounty.
    Still not making it further; a search on the revealed domain doesn't turn up anything new, and I wasn't able to find an entry for social engineering.
     
    Last edited: Nov 14, 2018 at 3:47 PM
  4. R4Ki

    R4Ki Active Agent

    Nope, no encryption, at least not that I recall.
     
  5. Enoch52

    Enoch52 Active Agent

    Like I said, it failed to fully decrypt when I opened it. Shut down NT4 and restarted and I got in. Stuck at the same point the others are (discovered the 1st subdomain but can't get further).
     
  6. Nioreh

    Nioreh Active Agent

    What is the next step you normally do after you have found a subdomain?
    Act like you normally do :)
     
  7. Enoch52

    Enoch52 Active Agent

    My first step is usually to fingerprint any identified subdomains, but there were no weaknesses identified. Tried an sfuzzer and osintscan against the revealed domain, and came up empty. Also tried a social engineering attack but was unable to find an entry route.
     
  8. Nioreh

    Nioreh Active Agent

    What do you normally do after the fingerprint if......
     
  9. AgentZeus

    AgentZeus Senior Agent

    gah. logged in and was busy catching up in discord - didn't notice the sec9 bounty straight away..... so started late and didn't have time to finish :( probably never see it again

    if it ever pops again be handy to know
    once you have the MAC addy - tried the usual suspects but i must be missing something obvious or missing out on some logic!
     
  10. Enoch52

    Enoch52 Active Agent

    If...? If it was successful, I'd
    searchsploit it and run a FoxAcid attack. I checked anyway; Searchsploit didn't have this tech in the database, but the "generic" version was, and I ran a FoxAcid attack using alpha exploit and all vectors. No dice.
     

Share This Page