at the end when i write the full-checkup.sh file in dev/shm and try to run system checkup, it still says something went wrong, after a few seconds seems like the machine automatically deleted the file I wrote, I even tried to only put echo 'hi' in the file to test, just in case there is a bug in my code, still says something went wrong, I followed all steps correctally, anyone knows what the problem is?
Am I correct in stating that the two crucial mistakes of the admin(s) of this box were users reusing passwords, and winrm being enabled? (aside from being vulnerable to a SQL injection attack, lol)
I was here to just copy what you do to just pwn the machine but, That was tremendous workload. I cant even image an insane machine if medium is like this. I have lots of work to do I guess to get a point where I pwn a machine on my own.
It's not about getting the flag, it's about the journey. I could just try to run SQLMap everywhere but it is not perfect. I think understanding how to exploit things manually is important. I do show SQLMap on the login form at the end of the video, but where the union is there's a WAF that blocks SQLMap. Or worse, I have seen some apps get taken offline by SQLMap. I'm sure you can tamper your way around the WAF but I enjoyed learning the manual steps.
Hey @IppSec love your content. you seam to have a slight audio issue this time. I think your noise gate is acting up. with headphones I can what I think is a fan in the background that is partially blocked but still getting through