Wall

Comments

  • @poker1 said:

    so you made a good guess

    No guessing either. I'll be checking back soon, but RCE feels so close.

  • @argot said:

    You do not need to bruteforce to get past the wall.

    so to clarify you found the creds, you did not have to guess?

  • That is correct, no need for any creds if all you currently see is m********, a*.php, and p******.php

  • edited September 2019

    .

  • edited September 2019

    There's a hidden directory scripts don't leak...

    Tohzzicklao

  • @argot said:

    That is correct, no need for any creds if all you currently see is m********, a*.php, and p******.php

    Do you mean p****.php for that last one? Haven't seen p******.php

    clubby789

    • GCIH | GCIA
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • there is another page that you get 40*

  • If you are having trouble finding a thing past the regular dirb stuff, I suppose the right dictionary list would help, but you really only need to consider a couple of verbs.

  • Congratz @qtc

    S1ph1lys

    We are the things that were and shall be again

  • Completely stuck here with just a*.php, p****.php, m*********, s*****-******.

    @argot can you give us another hint? lol

    n4sa

  • edited September 2019

    @n4sa said:

    Completely stuck here with just a*.php, p****.php, m*********, s*****-******.

    @argot can you give us another hint? lol

    So, I figure there are two ways to get this. "Very good OSINT skills" or VERBS.

    English teachers can be very good at monitoring their class. Often times, if you use the wrong verb, they won't let you go. If you use different VERBS, maybe they'll let you go or at the very least they'll be more talkative.

    There are lots of verbs in the dictionary, but really you only need to know, like, six of them. Especially when trying to get a foothold.

  • nevermind @argot, I think I figured it out

    n4sa

  • @n4sa said:

    nevermind @argot, I think I figured it out

    I'm still waiting for Dirb to magically give me a directory with user:pass? will it work xd?

  • @SioVer I used gobuster, but dirb should be giving you the same directories depending on your word list. Honestly all the main wordlists should give you everything you need.

    what has dirb found so far?

    n4sa

  • @n4sa said:

    @SioVer I used gobuster, but dirb should be giving you the same directories depending on your word list. Honestly all the main wordlists should give you everything you need.

    what has dirb found so far?

    s*****-s****/,p****.p, a*.p, and the restricted one m*********/

  • Yeah @SioVer that's all you need. Look at argot's hints above.

    n4sa

  • @n4sa said:

    Yeah @SioVer that's all you need. Look at argot's hints above.

    Ok, I think I got it. Thanks both

  • @argot thanks for the hint, was stuck at that 'wall' for way too long :P

  • You do not need to bruteforce the basic auth ;)

    R4J

  • edited September 2019

    Loving the box so far

  • edited September 2019

    Spoiler Removed

    clubby789

    • GCIH | GCIA
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • Got the login, the **.php, the m********/, the s*****-s****/ and the p****.php, am I missing something to find creds?

    Hack The Box

  • Yeah I'm pretty much stuck at c******* and ran gobuster but haven't found any creds

    n4sa

  • edited September 2019

    I'm guessing this is CTF-like so not expecting to find any creds

    n4sa

  • So, I've managed to discover the c******n directory, but haven't discovered any creds.
    Just needing to enumerate more or?

  • @Nihlander said:

    So, I've managed to discover the c******n directory, but haven't discovered any creds.
    Just needing to enumerate more or?

    Same, not liking this one already.

    koredump
    If you PM, please include the steps you've already taken. Don't forget to hit the respect button!

  • edited September 2019

    Managed to get logged in... I think it's intended to just guess the password...

  • Did you wfu** it (or other methods) or guess manually? I'm stuck at a directory mentioned before.

  • Was able to login to c******* but have no idea where to go next

  • @Nihlander said:

    Managed to get logged in... I think it's intended to just guess the password...

    Was there a base to which you made a guess?
