1st blood after (almost) 16 hours! Tough going here clearly - about the foothold, I was wondering about the possibility of contraband on the most trafficked port - would that be possibly a path to follow?? 'Cause I've fuzzed this baby like a motherfuzzer!!!! And...nada, nichts, rien, tipota and ingenting...nothing to see on the cool horizon of http-land...lost for now - any hint on initial direction?
Virtual hosting is not revealing anything for me at least. Any other pointers?
For asking help, please describe what you have tried so far, so i don't spoil too much.
If you believe i was able to help, please provide feedback by giving respect: https://www.hackthebox.eu/home/users/profile/122308
So, i'm currently logged in with h**k, found the vulnerability in se*****dates.*** and found a PoC for it but i can't get it to work. I appreciate any help on that matter
Hi, I have tried to get the initial foothold using VHostScan but with no result. Is this a rabbithole - I mean trying to use wordlist to get a valid subdomain. What is a better approach? thx
Comments
Hi
Hi
Hi
Any thing found
Type your comment> @sparkla said:
Take it as a lesson my friends, jokes and fooling around in a deserted thread will no longer be tolerated.
Two people have user. Damn! There goes my chances! ahahahaha
1st blood after (almost) 16 hours! Tough going here clearly - about the foothold, I was wondering about the possibility of contraband on the most trafficked port - would that be possibly a path to follow?? 'Cause I've fuzzed this baby like a motherfuzzer!!!! And...nada, nichts, rien, tipota and ingenting...nothing to see on the cool horizon of http-land...lost for now - any hint on initial direction?
Is it about virtual hosting
@Cmdking01 thank you!
Virtual hosting is not revealing anything for me at least. Any other pointers?
For asking help, please describe what you have tried so far, so i don't spoil too much.
If you believe i was able to help, please provide feedback by giving respect:
https://www.hackthebox.eu/home/users/profile/122308
Attack => *******.crossfit.htb/vendor/
403 Forbidden error
Type your comment> @solid5n4k3 said:
They are being funny
Always happy to help, DM me if you need anything!
Link to Profile
Funny like a clown
Quote from Goodfellas
They said piece of cake since they realised it's easy
So, i'm currently logged in with h**k, found the vulnerability in se*****dates.*** and found a PoC for it but i can't get it to work. I appreciate any help on that matter
EDIT: nvm! i got it
Hi, I have tried to get the initial foothold using VHostScan but with no result. Is this a rabbithole - I mean trying to use wordlist to get a valid subdomain. What is a better approach? thx
I am trying to find the inital foodhold I already tried to dirsearch, dirbuster ect. but do not find anything. Can someone point to a useful tool
rooted. The root part is crazy
OSCP | Sec+ | MCSE | VCP | CCNA
can someone help me with root. analyzing d---g file with ghidra found function p------_d---
what to do next. new to binary exploitation
I now have USER. big thanks to @justAhmed and @luca76.
Working towards root now
rooted. This was very fun, educational and challenging box. Big thanks to @justAhmed and @jkana101 for helping me along the way.
Spoiler Removed