Unattended

I just wanted to get this started XD
Live in less than 30 minutes


Comments

  • Box released !

  • has anyone found anything? all the websites just return a 503 error?

  • I've found the site, but that's about it

  • Very bad box so far

  • were you actually able to find a site? all i get is the error?

  • So far for me this box has been very unstable, half the time the website won't load....

  • I'm just having trouble figuring out where to go from where I am. I've tried so many different things already lol

  • So far so good just enum couldn't find anything juicy even sqlmap is so slow

  • I'm going to have to come back to this. I need food XD

  • Hm, I'm on pass three with Gobuster and adding some extensions, nothing yet. Wondering if the weird hostname has anything to do with it

  • Found ftp creds. No idea where to use them lolz

  • How in the world did you get them?
    Getting nothing here


  • ^ are you a wizard?

  • Enumerate the site, note they got hacked recently.

  • This box is pretty frustrating so far. Found the simple website, noticed a couple interesting things about how things on that are named, but it's starting to feel very #guessthebox.

  • edited April 13

    The "site" on my end (on both 80 & 443) is either "connection reset" or literally blank with no data received. After a total of 6 passes with GoBuster, cranking out a massive list including multiple extensions... I hit on nothing. At all.

    Something is janky here.

    ETA: Oh, but interesting hostname here. That's kinda nice. Gonna sit this one out til it's not getting fingerblasted.

  • @Malone5923 said:

    Found ftp creds. No idea where to use them lolz

    I found them also, but nothing else too awful interesting yet

  • @0PT1MUS said:

    @Malone5923 said:

    Found ftp creds. No idea where to use them lolz

    I found them also, but nothing else too awful interesting yet

    Yeah. I am also stuck at this point.

  • Yeah, I didn't find those lol

  • 25, 465, 587 ...

  • @redhot said:

    25, 465, 587 ...

    wish i had burp pro..

  • @7355608 said:

    @redhot said:

    25, 465, 587 ...

    wish i had burp pro..

    These numbers are at least slightly significant and they correspond with pages on the simple site in ways other than just how you first found them, but I'd love to have the hours I've spent attacking this site with burp pro back. :p

  • @redhot said:

    25, 465, 587 ...

    yea these are smtp ports, i enumerated all the numbers up to 10000 for the id parameter and got nothing...

  • @7355608 said:

    @redhot said:

    25, 465, 587 ...

    wish i had burp pro..

    You don't need pro for that. You can use the community version or just use curl with some bash scripting.

  • @Malone5923 said:

    @7355608 said:

    @redhot said:

    25, 465, 587 ...

    wish i had burp pro..

    You don't need pro for that. You can use the community version or just use curl with some bash scripting.

    i know i'm just commenting on the fact that community version throttles intruder. that is all.

  • or just wfuzz it


  • edited April 13

    Did someone find the developer site's server?

  • so for the different id numbers should i expect to find one that reveals something different because I'm enumerating through a huge list of numbers and am still getting nothing...

  • Kudos to @mprox for the First Blood User