The Institute (question)

Discussion in 'General' started by Seshemw, Feb 13, 2017.

  1. Seshemw

    Seshemw Active Agent

    I was running multiple password sessions, and one of them came back with the password (but did not advance the mission). I thought it might have been from me running several in tandem, so ran singles (that I thought had the same criteria). And have somehow not re-found the password...

    But I did write it down. Is there a place or way to inject the known answer back in somewhere? It isn't like I can actively use the credentials (in any way I've discovered), but they aren't showing in my maltego, hasn't improved my C2 networks, and I'm not sure what I'm doing wrong.


    --
    Seshemw
     
    Caledor and gentianbrija2010 like this.
  2. Joris

    Joris Active Agent

    you won't need the intranet, there's another one
     
  3. Seshemw

    Seshemw Active Agent

    This is alpha .3, mission 2, The Institute, part 1
    (seeking to exploit Rivera's email).
    I have a proxy. I, at some point, ran a successful password attack and have the password written down. I can't reproduce the results, have no idea why, and it hasn't advanced the mission (to mission 3 or part 2 of The Institute). Running on a win10 NT4 client, in a win10VM running on a mac (can't get the native mac client to work at this time).

    More granularity on what I was working with:
    Target is quantum53. I have the mail server from recon. I set url, username, first name, last name, age. I set advanced criteria for MIT, license plate, birthdate, bank account#. I believe my working session was a two dictionary attack.

    I'm generally not sure if I did things wrong, or if I had a typo in advanced keywords/context, or what. I'd be more specific, but don't want to harm other people's fun (even if this is an alpha and test-able).

    Edit: Ahh. Please ignore. I got a successful hit on a different server. Have to re-work my stuff for the server I'm missing, I guess.

    edit2: I fixed my problems, and figured out both an interface interaction, and one of my keywords/context settings for password attacks was in error. Remember, kids: If it shows a do-not-enter type symbol, it isn't applying that filter. And as always, google is your friend for
    finding context to personal information contained in the maltego output.
     
    Last edited: Feb 13, 2017
  4. CantFindMyKeys

    CantFindMyKeys Active Agent

    Even with all the hints in this topic I don't understand what the server address is that I require. There is nowhere that I find this address with all the searches I have done
     

Share This Page