Smasher2

A sequel machine?

hmmmmmmmmmmmmm

"ClickmedotEXE"
CISSP | OSCP
arodtube

Comments

  • My usual wordlist failed me and the one I never used hooked me up... sigh..

    "ClickmedotEXE"
    CISSP | OSCP
    arodtube

  • has anyone managed to log into the other website yet?

  • The site says: “Please no...” xD

  • Nope. Can't log in on either right now.

    Doesn't help that my VM took a crap xD. It was a matter of time. #vbox

    "ClickmedotEXE"
    CISSP | OSCP
    arodtube

  • are you facing wonderful..... timeouts?

  • edited June 1

    dzonerzy dropped a hint - I'm sure he won't mind me sharing: user: admin, password beginning with C. common.

    thanks dzonerzy :heart:

    sorry make that an 'a', no it's DEFINITELY A 'C' rockyou baby

    izzie

  • @sm0n6 said:
    are you facing wonderful..... timeouts?

    same here, nothing for about 15 minutes now

  • edited June 1

    @tnickb6782 said:

    @sm0n6 said:
    are you facing wonderful..... timeouts?

    same here, nothing for about 15 minutes now

    well there is some heavy bruteforcing going on so ymmv, maybe switch zones?

    izzie

  • edited June 4

    @SpaceMoehre said:

    The site says: “Please no...” xD

    Only managed to find that single web dir...

    Edit: Got creds and logged in to /b*****. Found the .p* and .s* files. Seems like there's something else going on but I need to figure out how to access it.


    Hack The Box
    defarbs.com - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • Two hackers compromised this box, and one marked it as very hard while the other marked it as very easy. I wonder why some people mark very hard boxes as very easy? What does that mean?

    Obviously it could not be really very easy. How is it possible to spend several hours for researches and say that it was very easy?)

    tabacci

  • I could be wrong but I assume the person who rated it really easy might be trolling since it took first blood 7 hours to even get first blood user and still no root blood.

  • I didn't have the chance to try Smasher. I'm just a poor guy using the free servers. Is it a prerequisite for Smasher2?

    limbernie
    Write-ups of retired machines

  • edited June 2

    @tabacci said:

    Two hackers compromised this box, and one marked it as very hard while the other marked it as very easy. I wonder why some people mark very hard boxes as very easy? What does that mean?

    Obviously it could not be really very easy. How is it possible to spend several hours for researches and say that it was very easy?)

    If you remember, first 11 guys marked Unattended like very easy box

  • If you remember, first 11 guys marked Unattended like very easy

    they must be jokers)

    tabacci

  • edited June 2

    Is the login page a rabbit hole?
    Do I need to brute force the login page?

  • root is amazing, fell in love

    sig

  • I feel like I've gotten nowhere on this box.

  • anyone succeed in authenticating on b***** dir?

  • @Moshker yeah, feel free to PM, although I'm stuck at the next bit :P

  • @Moshker said:

    anyone succeed in authenticating on b***** dir?

    Yes. I used the big list but it took forever. Ran it overnight. Then I figured out the box creator dropped a hint on how to grep the right stuff xD

    "ClickmedotEXE"
    CISSP | OSCP
    arodtube

  • Do I need to brute or find SQLi on w********r page?

  • Looking for some help with an a**.y script??? I got the creds, now don't know how to leverage the info inside. PM if you can help, thanks

  • I am a noob, just started pentesting, I did dirb and got b***** dir and default web page, can anyone tell me what to do next, it's quite confusing, please PM me

  • edited June 4

    @kartik007 said:

    I am a noob, just started pentesting, I did dirb and got b***** dir and default web page, can anyone tell me what to do next, it's quite confusing, please PM me

    I don't mean to be brash, but if you're a true "newbie", then I'd suggest starting on an easier box. This box has been rated "Insane" by the creator/mods, so if I were you I'd maybe take a crack at boxes like "Help", "Netmon" or "Bastion" to get your feet wet. Then, maybe try moving towards more difficult boxes.

    I will tell you truthfully that, if you're already struggling to bypass the default h*** a*** on the /b***** directory then you are definitely going to struggle with the ensuing steps as well... (it doesn't get any easier!).


    Hack The Box
    defarbs.com - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • @Farbs said:

    @kartik007 said:

    I am a noob, just started pentesting, I did dirb and got b***** dir and default web page, can anyone tell me what to do next, it's quite confusing, please PM me

    I don't mean to be brash, but if you're a true "newbie", then I'd suggest starting on an easier box. This box has been rated "Insane" by the creator/mods, so if I were you I'd maybe take a crack at boxes like "Help", "Netmon" or "Bastion" to get your feet wet. Then, maybe try moving towards more difficult boxes.

    I will tell you truthfully that, if you're already struggling to bypass the default h*** a*** on the /b***** directory then you are definitely going to struggle with the ensuing steps as well... (it doesn't get any easier!).

    Thank you and I will take your suggestion

  • so is B**** F****ing the J*** on the second log** the correct way or does the .s* file have the thing in it to get in?

  • edited June 6

    Do you have to bruteforce the second login? Because it's as brittle as crackers and immediately starts timing out as soon as I start testing against it and have to restart the server.

    Edit: I haven't made it past the second login yet, but based on what I found at another place I don't think you need to bruteforce it. They probably wouldn't have given us what they did if you had to.

    Hack The Box
    Null | Nada- | Zip | Diddly | Zilch+

  • Man... This was a hell of a challenge... Many, many hours staying up and trying to get it, but with the help of a couple of lovely people on this site, we managed to finally get root! Thanks @dzonerzy and @xG0 for the wild ride, can't wait for Smasher3!
