Acid – Reloaded | Root privileged Escalation

Marshall R , Canada – Worst Company EVER! DO NOT USE! – STAY AWAY FROM JUST HOST, Do Not Use. I had a 1 Year 1 Domain name package free given to me from a template I purchased from another site as a promo, as I was also looking for a new domain name it came in handy, the email i used I lost access too a month into the subscription which was fine until i had to re log into the panel and was denied access saying my user credentials where invalid. I contacted support explained what happened and I would like access to my account, first they wanted a CC, i had a Prepaid MC with me (ones you use and throw out) I said i might of used it but because of it being a throw away I don’t have it no more, i said their should be other ways to verify me, name, phone call, I even wanted to given them my Drivers ID, they refused and said sorry we cant do nothing, since then I have had No way to access my account and they have been holding my domain name hostage. I advise you unless you want them to steal your domain name, DO NOT USE THEM AT ALL

#acidreloaded #sqlmapadvanced #liveheader #livechallange #stenography #privilegedescalation
nmap -sT -p- -Pn IP -oN nmap_scan.txt

For open filtered port I’ve run this command

for x in 3 2 1; do nmap -Pn –host_timeout 201 –max-retries 0 -p $x; done

Or I’ll post bash script later very soon

P.S. If you’re using Virtualbox, please be sure that you’re using just Host-only Adapter, otherwise the knock will fail. Don’t know why, but as soon as I’ve changed it the port was open.

After knocking I’ve run nmap again to check what was changed, and this is what I’ve found:

nmap -sS -p- -Pn IP -oN nmap_scan_stealth_2.txt

So, Dirbuster has always been my friend.
sqlmap -u “” –dbs –dbms=MySQL -p “id” –tamper=space2comment

For more contact me