Wall

2 hours to go, thought I'd get this thread started!

Hack The Box
If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments). And remember to +respect me if I helped you ; )

«13456718

Comments

  • Is it just me, or the machine is inaccessible on EU servers?

    For asking help, please describe what you have tried so far, so i don't spoil too much.
    If you believe i was able to help, please provide feedback by giving respect:
    https://www.hackthebox.eu/home/users/profile/122308

  • @tang0 said:

    Is it just me, or the machine is inaccessible on EU servers?

    Machines appear on the list (and retire the old ones) a few hours before they go live. Just under two hours until it's live.

    Hack The Box
    If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments). And remember to +respect me if I helped you ; )

  • machine is still inaccessible ... :)

  • Type your comment> @clubby789 said:

    @tang0 said:

    Is it just me, or the machine is inaccessible on EU servers?

    Machines appear on the list (and retire the old ones) a few hours before they go live. Just under two hours until it's live

    Oops, my bad. I guess i'll have to wait then. Thanks for the prompt reply.

    For asking help, please describe what you have tried so far, so i don't spoil too much.
    If you believe i was able to help, please provide feedback by giving respect:
    https://www.hackthebox.eu/home/users/profile/122308

  • 20 minutes left :) shit I'm loaded with coffee, what a mistake

    S1ph1lys

  • can someone help with root

  • Yeah sure, if you go back in time far enough, you will eventually pop back into the future where you have already rooted the box, please respect :)

    S1ph1lys

  • so guyz is it some kinda firewall st up ? the name of the box and the nmap scans make me think. there is a firewall setup..most ports are filtered..not to seem to get any interesting directories in port 80 too ..hmmm

  • Umm my full port scan is still running in the background, but I'm getting two open ports (usual ones ;) ) and a couple of interesting pages including a login ;) check your vpn maybe ?

    S1ph1lys

  • ohh god vpn prob ? hahahaa alryte thnx dude

  • Oh dear, another box with a default apache home page. Not filled with hope.

    Hack The Box
    If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments). And remember to +respect me if I helped you ; )

  • there is a file through my dirb..but too odd...**.php is this valuable or something...just prints out a single number.hmm

  • @Shad0wQu35t said:

    there is a file through my dirb..but too odd...**.php is this valuable or something...just prints out a single number.hmm

    Really? Dirb hasn't found anything like that for me

    Hack The Box
    If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments). And remember to +respect me if I helped you ; )

  • @clubby789 i ran with the -X .php tag to find any php files...

  • yeah there is also an /m*******g and /s****-s***s pages but not much more hmm

    S1ph1lys

  • Type your comment> @S1ph1lys said:

    yeah there is also an /m*******g and /s****-s***s pages but not much more hmm

    idk man my dirb didn't show those stuff....nikto didn't give me anything too

  • i tried several dictionaries before finding 2 files + protected folder...

  • How many wordlists/scanning tools are we going to need on this...

    Hack The Box
    If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments). And remember to +respect me if I helped you ; )

  • All the tools :) I just hope it's not a guess box

    S1ph1lys

  • I found all of those pages with dirbuster and just the common word list.... What word lists are you guys using?

  • I just switched, but was using dirbuster medium.txt

    S1ph1lys

  • Gotcha, well I have a login page but I am not finding any good leads as to where to get creds, I'm with @S1ph1lys, I hope its not a guess box lol

  • Seems like a bruteGuess box....

  • +1 I hope its not a guess / brute box
    no creds found

  • i also have two php pages **.php and *****.php along with a protected dir. Not able to find anything else

  • I guess I'll have to try brute forcing when I get off work, connection is too shit here. What do you guys normally use when brute forcing this kind of authentication? I am pretty sure it is pretty easy through B.S. but I am curious if anyone else prefers another way, if you wanna PM me I am eager to learn!

  • You do not need to bruteforce to get past the wall.

  • i use wfuzz to brute force basic authentication
    hydra is nice too

  • so you made a good guess

Sign In to comment.