Official Unbalanced Discussion

Official discussion thread for Unbalanced. Please do not post any spoilers or big hints.

«13456

Comments

  • nothing, well I have nothing, just wanted to be fist to post :)

    adyd

  • edited August 1

    I found something, however, it's not a whole lot. Edit, got a hash of some kind

    S1ph1lys

    We are the things that were and shall be again

  • got hash and password from it. just not sure what next? :)

    adyd

  • I got them too. I am stuck at the web page with username and password.
    I tried the two passwords that I got, but didn't work.

  • did you guys pass through sq****?

  • At the web page with uname and pass as well. Don't have any hashes. Were those in the same group of items that pointed you to the page? Trying to be vague, hope that makes sense.

  • Oh, I see what you mean. I missed it.

  • Spoiler Removed

    S1ph1lys

    We are the things that were and shall be again

  • got the passwords and such but cant login. something i missed?

  • Nice box thanks to the creators @polarbearer & @GibParadox

    'These violent delights have violent ends'

  • So, i found something that needs a username and password, but havent found whatever everyone here is talking about. I am missing something for sure...

    lmakonem

    If I helped you out at all, feel free to click my badge and give +1 respect!

    My youtube tutorials: https://www.youtube.com/channel/UCXPdZsu8g1nKerd-o5A75vA

  • is the vulnerability in squi*? or some other?
    any hints ?

  • edited August 2

    Type your comment> @3301n said:

    is the vulnerability in squi*? or some other?
    any hints ?

    I looked at the tentacle beast as well but if I understand the articles correctly the vulnerability could crash the server also I cant really find a proof of concept.

  • so i'm on a web page but i don't have any creds except the one password we used to get info about this page. Any nudges will be appreciated.

  • edited August 2

    @D8ll0 said:
    I got them too. I am stuck at the web page with username and password.
    I tried the two passwords that I got, but didn't work.

    Anyone can give me a hint on how to access this web page? I have read sq*.cf and found the special site, but I have no idea how to access it.

  • @axxer said:

    so i'm on a web page but i don't have any creds except the one password we used to get info about this page. Any nudges will be appreciated.

    You have some configuration files, and a web page what do you need more ?
    Look at the conf files and also interact with one of the open port, you may found something useful to use. You need to understand the infrastructure of this network.

    Enumeration is the key on this one.

    'These violent delights have violent ends'

  • This box is driving me insane. Got everything that everyone above mentioned, enumerated more...but still cannot sign into that login page.

    lmakonem

    If I helped you out at all, feel free to click my badge and give +1 respect!

    My youtube tutorials: https://www.youtube.com/channel/UCXPdZsu8g1nKerd-o5A75vA

  • i found something. but thats all data any nudge for that, or anything i am in wrong way?

  • I can get to the page we're discussing, get a 200 just fine. Can't seem to find the hashes people are mentioning though. Any tips?

    Hack The Box

  • edited August 3

    Spoiler Removed

    Hack The Box

  • Type your comment> @jindom said:

    got the decrypted conf file, changed something in my local box, but still not be able to find the login page in that http port, any help?

    Use the bridge. That eight arms dude is your friend.

  • Also stuck at the login page. Combing through the config files again but my first pass only found 1 password that doesn't seem to be used.

  • edited August 3

    Stuck on login page.

  • HELP needed!! found some files but they are encrypted. cannot see how to access.

  • Got into mgr and enumerated more hosts, one seems acting different than the others. Still wondering if the cve for s**id is a rabbit hole or not? Found a poc but haven't get it to work yet.

  • Type your comment> @axxer said:

    so i'm on a web page but i don't have any creds except the one password we used to get info about this page. Any nudges will be appreciated.

    Same here. This is my first Hard Machine :tongue: :neutral:

  • edited August 4

    It was an iteresting expirience, learnt a lot on this box.

  • edited August 3

    Got user :neutral:

  • Hint: don't get stuck on rabbit holes like i did. If you tried everything that you can, take a step back and think about what you are doing. How is the architecture designed? How does it work? How does that compare to what you have?

    Research every piece of info that you get, especially from the locations that everyone is mentioning here. There is a way in.

    lmakonem

    If I helped you out at all, feel free to click my badge and give +1 respect!

    My youtube tutorials: https://www.youtube.com/channel/UCXPdZsu8g1nKerd-o5A75vA

  • User is the only hard part in this box.
    For root just read what you have and find exploit, there is MSF available for this.

Sign In to comment.