Vault

It's never too early to start discussing a new box!
Still enumerating, only found one 403 page :)

«13456711

Comments

  • same here :) but keep it up! Nmap is ready soon

  • I keep trying enumerating with gobuster
    But I get a lot of timeout errors
    many people are trying :(

  • The box is really slow!

    PsyXsouL

  • Reset incoming. Its epic slow

  • It's okay-ish on EU Free 1 for me :) Meantime I found a file in one of the directories that gives a 200 :)

  • @janewilde did you use a short, medium o large dict?

    n3v1l

  • Stuck in the vault ....

  • found login page. but tried with s*l. doesn't work.. any hint?

  • still on enumeration
    it is slow af

  • the box seems so fragile.
    from nmap to directory enumeration i have different results on every scan i run

  • edited November 2018

    WTF how do you find out these things? I tried gobuster with medium directory but nothing yet...

    Hack The Box

  • @NicoF2000 said:
    WTF how do you find out these things? I tried gobuster with medium directory but nothing yet...

    Gobuster can't find everything.

  • did you run nmap on ALL ports???

    n3v1l

  • Hmm, I'm logged in to the server but can't find user.txt...

  • @s1gh any hints how did you got shell without any spoiler?

    n3v1l

  • Is there any reason why gobuster wont find any pages?

  • @barango said:
    Is there any reason why gobuster wont find any pages?

    Yes there is

  • i got ssh session trying lateral movement

  • @gudj4qu3r said:
    @s1gh any hints how did you got shell without any spoiler?

    Kinda hard giving a hint without spoiling. But continue enumerating.
    You should be able to find an interesting page.

  • gobuster works just fine, you just have to search for the right thing.

    --Skunkfoot

  • Guys, after this machine is reset, please give it about 10-15 minutes for it to come back and be ready for your torture. Anything you do before that will be pointless and will just delay the boot time further.

  • where are you guys getting your dict files from? I have used the /usr/share/wordlists/dirb/common.txt and /usr/share/wordlists/metasploit/namelist.txt with gobuster and only found a few things. is there a better dict that i can use?

    (sorry this is such a noob question, Im pretty new to this. i even had to look up gobuster because i hadnt heard of it before lol)

    Opaque

  • @Opaque said:
    where are you guys getting your dict files from? I have used the /usr/share/wordlists/dirb/common.txt and /usr/share/wordlists/metasploit/namelist.txt with gobuster and only found a few things. is there a better dict that i can use?

    (sorry this is such a noob question, Im pretty new to this. i even had to look up gobuster because i hadnt heard of it before lol)

    You can try "directory-list-2.3-medium.txt".

  • @Opaque said:
    where are you guys getting your dict files from? I have used the /usr/share/wordlists/dirb/common.txt and /usr/share/wordlists/metasploit/namelist.txt with gobuster and only found a few things. is there a better dict that i can use?

    (sorry this is such a noob question, Im pretty new to this. i even had to look up gobuster because i hadnt heard of it before lol)

    You can get more here
    https://github.com/danielmiessler/SecLists

    I think you can install all that with "apt install seclists" as well if you don't want to clone it from git

    Rantrel
    ~|OSCP|~

  • @s1gh said:

    @Opaque said:
    where are you guys getting your dict files from? I have used the /usr/share/wordlists/dirb/common.txt and /usr/share/wordlists/metasploit/namelist.txt with gobuster and only found a few things. is there a better dict that i can use?

    (sorry this is such a noob question, Im pretty new to this. i even had to look up gobuster because i hadnt heard of it before lol)

    You can try "directory-list-2.3-medium.txt".

    @Rantrel said:

    @Opaque said:
    where are you guys getting your dict files from? I have used the /usr/share/wordlists/dirb/common.txt and /usr/share/wordlists/metasploit/namelist.txt with gobuster and only found a few things. is there a better dict that i can use?

    (sorry this is such a noob question, Im pretty new to this. i even had to look up gobuster because i hadnt heard of it before lol)

    You can get more here
    https://github.com/danielmiessler/SecLists

    I think you can install all that with "apt install seclists" as well if you don't want to clone it from git

    Thank you both, i will look into this.

    Opaque

  • I don't even see a user.txt so I assume I have to get from where I am to somewhere else before I can even get user? Is that right?

    --Skunkfoot

  • @s1gh said:

    @Opaque said:
    where are you guys getting your dict files from? I have used the /usr/share/wordlists/dirb/common.txt and /usr/share/wordlists/metasploit/namelist.txt with gobuster and only found a few things. is there a better dict that i can use?

    (sorry this is such a noob question, Im pretty new to this. i even had to look up gobuster because i hadnt heard of it before lol)

    You can try "directory-list-2.3-medium.txt".

    is it worked for you?

    banteng999

  • when it comes to stock lists, common.txt should be all you need.

  • Is the login page a rabbit hole? and should I be brute forcing it?

  • @codo said:
    Is the login page a rabbit hole? and should I be brute forcing it?

    Maybe and no. Continue your enumeration.

    --Skunkfoot

Sign In to comment.