Wall

2 hours to go, thought I'd get this thread started!

clubby789

  • GCIH
    If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments). And remember to +respect me if I helped you ; )
«13456727

Comments

  • Is it just me, or the machine is inaccessible on EU servers?

    For asking help, please describe what you have tried so far, so i don't spoil too much.
    If you believe i was able to help, please provide feedback by giving respect:
    https://www.hackthebox.eu/home/users/profile/122308

  • @tang0 said:

    Is it just me, or the machine is inaccessible on EU servers?

    Machines appear on the list (and retire the old ones) a few hours before they go live. Just under two hours until it's live.

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments). And remember to +respect me if I helped you ; )
  • machine is still inaccessible ... :)

  • Type your comment> @clubby789 said:

    @tang0 said:

    Is it just me, or the machine is inaccessible on EU servers?

    Machines appear on the list (and retire the old ones) a few hours before they go live. Just under two hours until it's live

    Oops, my bad. I guess i'll have to wait then. Thanks for the prompt reply.

    For asking help, please describe what you have tried so far, so i don't spoil too much.
    If you believe i was able to help, please provide feedback by giving respect:
    https://www.hackthebox.eu/home/users/profile/122308

  • 20 minutes left :) shit I'm loaded with coffee, what a mistake

    S1ph1lys

  • can someone help with root

  • Yeah sure, if you go back in time far enough, you will eventually pop back into the future where you have already rooted the box, please respect :)

    S1ph1lys

  • so guyz is it some kinda firewall st up ? the name of the box and the nmap scans make me think. there is a firewall setup..most ports are filtered..not to seem to get any interesting directories in port 80 too ..hmmm

  • Umm my full port scan is still running in the background, but I'm getting two open ports (usual ones ;) ) and a couple of interesting pages including a login ;) check your vpn maybe ?

    S1ph1lys

  • ohh god vpn prob ? hahahaa alryte thnx dude

  • Oh dear, another box with a default apache home page. Not filled with hope.

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments). And remember to +respect me if I helped you ; )
  • there is a file through my dirb..but too odd...**.php is this valuable or something...just prints out a single number.hmm

  • @Shad0wQu35t said:

    there is a file through my dirb..but too odd...**.php is this valuable or something...just prints out a single number.hmm

    Really? Dirb hasn't found anything like that for me

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments). And remember to +respect me if I helped you ; )
  • @clubby789 i ran with the -X .php tag to find any php files...

  • yeah there is also an /m*******g and /s****-s***s pages but not much more hmm

    S1ph1lys

  • Type your comment> @S1ph1lys said:

    yeah there is also an /m*******g and /s****-s***s pages but not much more hmm

    idk man my dirb didn't show those stuff....nikto didn't give me anything too

  • i tried several dictionaries before finding 2 files + protected folder...

  • How many wordlists/scanning tools are we going to need on this...

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments). And remember to +respect me if I helped you ; )
  • All the tools :) I just hope it's not a guess box

    S1ph1lys

  • I found all of those pages with dirbuster and just the common word list.... What word lists are you guys using?

  • I just switched, but was using dirbuster medium.txt

    S1ph1lys

  • Gotcha, well I have a login page but I am not finding any good leads as to where to get creds, I'm with @S1ph1lys, I hope its not a guess box lol

  • Seems like a bruteGuess box....

  • +1 I hope its not a guess / brute box
    no creds found

  • i also have two php pages **.php and *****.php along with a protected dir. Not able to find anything else

  • I guess I'll have to try brute forcing when I get off work, connection is too shit here. What do you guys normally use when brute forcing this kind of authentication? I am pretty sure it is pretty easy through B.S. but I am curious if anyone else prefers another way, if you wanna PM me I am eager to learn!

  • You do not need to bruteforce to get past the wall.

  • i use wfuzz to brute force basic authentication
    hydra is nice too

  • so you made a good guess

Sign In to comment.