Starting point - Vaccine

I'm following the walkthrough for "Vaccine" and when it says browse to port 80, I enter the IP (10.10.10.46) into firefox and it times out.

The machine has been restarted during the time I have been trying, am I missing something stupid?

«1

Comments

  • Make sure you're connected to the openvpn connection pack, maybe try reconnecting the connection by pressing ctrl+c in the window that openvpn is running in and then executing the script again.

  • Thanks for the quick reply, I did try that but I am able to scan the IP and connect to the FTP server, it responds to pings, it seems the HTTP server is down for some reason.

  • Its working now, not sure what happened, but I redownloaded my connection pack and reconnected, Although I had done previously. Thanks

  • I'm having the same issue with this machine, or at least a similar issue.
    Everytime I run:
    sudo sqlmap -u 'http://10.10.10.46/dashboard.php?search=a' --cookie="PHPSESSID=" --os-shell
    It starts to timeout and then I can't browse or do anything until the labs reset.

    Sorry, my comment isn't helpful.

  • I have an issue with Vaccine, I cannot do the sqlmap section, whenever I try it fails, if I accept the 302 redirect, it says cannot to connect to URL, if I don't it says all tested parameter appear to be not injectable (based on the walk through, the GET should be injectable...)

  • Yep also having that issue, I gave it a rest for a while but still no sqlmap fails to find injectables or it drops connection.

  • Same issue. sqlmap freezes the site up!? Anyone know a work around?

  • Did you get round the issue, same thing happening to me.
    Type your comment> @Inigma said:

    I'm having the same issue with this machine, or at least a similar issue.
    Everytime I run:
    sudo sqlmap -u 'http://10.10.10.46/dashboard.php?search=a' --cookie="PHPSESSID=" --os-shell
    It starts to timeout and then I can't browse or do anything until the labs reset.

    Sorry, my comment isn't helpful.

  • @sa1lor unfortunately not. I just moved on to the next lab and forgot about this one tbh.

  • I'm having the same problem trying the sqlmap injection. Any ideas?

  • join "--time-sec 10 " and retry

  • same issue, GET parameter 'search' might not be injectable, all tested parameters do not aapear to be injectable

  • Type your comment> @Taurin said:

    same issue, GET parameter 'search' might not be injectable, all tested parameters do not aapear to be injectable

    Either you did not set the cookie parameter in sqlmap (you are being redirected to login page) or the HTTP server is stuck. It gets stuck always after someone tries to get os-shell there.

  • Found the best way to get the os-shell was to use burp with intercept mode on right from the login page; On the first packet which passes the PHPSESSION copy that into your sqlmap command and run it, I ran mine with --level 2 and --risk 2.

    Once it was running then forward all the packets and then sqlmap responded correctly.

  • I finally rooted with the help of this thread and the Python script referenced within the thread: https://forum.hackthebox.eu/discussion/3039/machine-name-vaccine-stuck-on-getting-sql-code-execution-shell

  • Type your comment> @Proelia said:

    I'm following the walkthrough for "Vaccine" and when it says browse to port 80, I enter the IP (10.10.10.46) into firefox and it times out.

    The machine has been restarted during the time I have been trying, am I missing something stupid?

    Hey All - having the same issue with this one. Was there ever any solution or should I just leave it and move on to another? Thanks

  • Hello everyone.
    I am having the same issue when trying to load the website from the Vaccine machine.
    It just times out and when I use --reason with nmap i see the service has a no-response

  • Facing same issue of website timing out.
    How to reset the box?

  • I have the same issue.

  • Same issue here aswell.

  • Same for me.

  • Same here, could we reset this device, please?

  • a restart would be good. I can ping the box but not connect to the web server

  • vote to reset the labs guys, its doing the same for me also :(

  • I cant even navigate to the webpage. times out every time. And yes, I'm connected to the vpn. Had this issue a couple weeks ago, gave up - decided to try again as it seems like a fun challenge - but i cant connect

  • I've got the same issue. It seems to have something to do with sqlmap: I could access the website via the browser and can run sqlmap without the --os-shell flag. This works fine but when I tried to run sqlmap with --os-shell t times out and the website isn't accessible any more......? Only on the next day I (after reset of the machine I think) I can access again. Does someone got an explanation for this?

  • Type your comment> @misterdulister said:

    I've got the same issue. It seems to have something to do with sqlmap: I could access the website via the browser and can run sqlmap without the --os-shell flag. This works fine but when I tried to run sqlmap with --os-shell t times out and the website isn't accessible any more......? Only on the next day I (after reset of the machine I think) I can access again. Does someone got an explanation for this?

    i cant even access the website...at all. vpn connected. refreshed vpn. deleted and downloaded new vpn file... internet definitely works...webpage wont load

  • Type your comment> @quantumtheory said:
    > Type your comment> @misterdulister said:
    >
    > (Quote)
    > i cant even access the website...at all. vpn connected. refreshed vpn. deleted and downloaded new vpn file... internet definitely works...webpage wont load

    Same with me. Happened yesterday. Can ping but can't access through browser
  • edited June 22

    Cannot open the webpage, I wonder if some nmap script is crashing http.

  • Same here, can't access the web page at all. I've voted to reset the box.

Sign In to comment.