TUTORIAL Pivotapi Detailed Writeup
by Jockerjock - May 15, 2021 at 05:05 AM
#1
Wink 
Pivotapi writeup is available
https://0xdedinfosec.github.io/posts/htb-pivotapi/
Hash -> 81b32769d55ca9fc807a86b24709a7f9
If you like the writeup pls support me to get oscp exam
https://www.buymeacoffee.com/DEDINFOSEC88


Donate If You Like Hidden Content
You must register or login to view this content.
#2
Hey, May l ask how did you config your Parrot root with pwnbox theme? and have you ever encounter login as Parrot root then the Parrot OS's volume becomes ridiculous large after use it for few days? because l'm running Parrot as root like you but after few days the Parrot's size became 70GB from 15GB, do you know what might be wrong? Thanks
#3
(May 25, 2021 at 02:54 PM)robott Wrote: Hey, May l ask how did you config your Parrot root with pwnbox theme? and have you ever encounter login as Parrot root then the Parrot OS's volume becomes ridiculous large after use it for few days? because l'm running Parrot as root like you but after few days the Parrot's size became 70GB from 15GB, do you know what might be wrong? Thanks

Bro I don't login with root I use regular user and inside that I switch with root user and I use tmux so when I open new terminal it's privilege is always root
#4
(May 25, 2021 at 05:39 PM)Jockerjock Wrote:
(May 25, 2021 at 02:54 PM)robott Wrote: Hey, May l ask how did you config your Parrot root with pwnbox theme? and have you ever encounter login as Parrot root then the Parrot OS's volume becomes ridiculous large after use it for few days? because l'm running Parrot as root like you but after few days the Parrot's size became 70GB from 15GB, do you know what might be wrong? Thanks

Bro I don't login with root I use regular user and inside that I switch with root user and I use tmux so when I open new terminal it's privilege is always root
Cool and thanks, l login as user then switch to root with tmux and now the size seems stable as usual, thanks for helping.
#5
(May 26, 2021 at 10:21 PM)robott Wrote:
(May 25, 2021 at 05:39 PM)Jockerjock Wrote:
(May 25, 2021 at 02:54 PM)robott Wrote: Hey, May l ask how did you config your Parrot root with pwnbox theme? and have you ever encounter login as Parrot root then the Parrot OS's volume becomes ridiculous large after use it for few days? because l'm running Parrot as root like you but after few days the Parrot's size became 70GB from 15GB, do you know what might be wrong? Thanks

Bro I don't login with root I use regular user and inside that I switch with root user and I use tmux so when I open new terminal it's privilege is always root
Cool and thanks, l login as user then switch to root with tmux and now the size seems stable as usual, thanks for helping.

Np bro enjoy
#6
(May 15, 2021 at 05:05 AM)Jockerjock Wrote: Pivotapi writeup is available
https://0xdedinfosec.github.io/posts/htb-pivotapi/
Hash -> 81b32769d55ca9fc807a86b24709a7f9
If you like the writeup pls support me to get oscp exam
https://www.buymeacoffee.com/DEDINFOSEC88


[Hidden Content]

Was this an unintended path that is now patched?
#7
(June 01, 2021 at 10:01 AM)Buttmuncher Wrote:
(May 15, 2021 at 05:05 AM)Jockerjock Wrote: Pivotapi writeup is available
https://0xdedinfosec.github.io/posts/htb-pivotapi/
Hash -> 81b32769d55ca9fc807a86b24709a7f9
If you like the writeup pls support me to get oscp exam
https://www.buymeacoffee.com/DEDINFOSEC88


[Hidden Content]

Was this an unintended path that is now patched?
yes you are right
#8
Did anyone get Juicy Potato to work?
#9
Potato is not working, maybe it is fixed now. It is not the way.
#10
(June 01, 2021 at 01:36 PM)pinco4president Wrote: Potato is not working, maybe it is fixed now. It is not the way.

So, if not potato, what is the way?
#11
potato, printspoofer, and everything related to seimpersonateprivilege is seems to be patched. i took a secend look at the box, my wild guess would be to mess with the active directory. maybe you can create another user, or change user password?

another thing, the "primary" user is called 3v4Si0N, googling this user i found a github with quite a lot of windows related exploits. i think it's worth trying....(maybe osint is the way to get user...?)

https://github.com/3v4Si0N/CVE-2020-0787...WS-VERSION
https://github.com/3v4Si0N/HTTP-revshell
https://github.com/3v4Si0N
#12
(May 15, 2021 at 05:05 AM)Jockerjock Wrote: Pivotapi writeup is available
https://0xdedinfosec.github.io/posts/htb-pivotapi/
Hash -> 81b32769d55ca9fc807a86b24709a7f9
If you like the writeup pls support me to get oscp exam
https://www.buymeacoffee.com/DEDINFOSEC88


[Hidden Content]

These writeups are all useless now please dont ask for creds for somehing thats been patched

Possibly Related Threads…
Thread Author Replies Views Last Post
SELLING HTB PivotAPI - User SSH Creds (to User Flag) slrrrR 0 169 October 23, 2021 at 11:18 AM
Last Post: slrrrR
TUTORIAL HTB PivotAPI rasengan 0 251 October 22, 2021 at 01:09 PM
Last Post: rasengan
SELLING HTB web challenge Gunship detailed writeup Nimoo 1 584 October 18, 2021 at 11:34 AM
Last Post: philipjphry

 Users browsing this thread: 1 Guest(s)