[WEB] Cartographer

Hey HTB users,

A buddy and I (@grimmvenom) have been trying to tackle Cartographer after successfully solving Lernaean, as they appear to be similar brute-force-based challenges.

We've been unable to identify any additional information against the target in order to better tailor our brute force attempts except for the name of the challenge itself. We have been trying a 10 line userlist combined with the first 10k passwords of rockyou.txt in our brute force attempts, totaling 100k guesses without success. We're basing our 'success' response on the lack of a loginform div in the HTML source. We've previously tried Content-Length as an indicator as well.

We're thinking about creating a custom wordlist with hashcat and replacing cartographer with every leetspeak combination possible for the next time we try this challenge (we do a weekly meetup).

Any tips, hints or feedback on how we can better approach this challenge?

Cheers,

  • Routeback

Comments

  • edited October 2017

    So you try the same approach as on the other box and it doesn't seem to work... what does it tell you? :)

    sajkox

  • Don't brute force, it's way simpler than you think. One of the basic login bypass techniques.

    Hack The Box

    Don't let the box pwn you!!

  • What does a Cartographer do?

    brutus

  • edited November 2017

    "Cartographer Is Still Under Construction! " True or just some tricks on the link?

  • @typing said:
    "Cartographer Is Still Under Construction! " True or just some tricks on the link?

    Are you searching flag ? ;)

    Agent22

  • @Agent22 said:

    @typing said:
    "Cartographer Is Still Under Construction! " True or just some tricks on the link?

    Are you searching flag ? ;)

    smash head on wall

  • edited January 2018

    Ya this one really requires someone who is familiar with typical CTF style things, otherwise you will probably break everything you own lol

    lowpriv

  • Hey, is anyone willing to make themselves available for me to check my current direction of travel with at all? Don't want spoilers or obvious gotchas on here, but would appreciate someone who has been successful sounding me out.
    Thanks in advance.

  • @25z2 said:
    Hey, is anyone willing to make themselves available for me to check my current direction of travel with at all? Don't want spoilers or obvious gotchas on here, but would appreciate someone who has been successful sounding me out.
    Thanks in advance.

    Feel free to hit me up.

  • @unashamedgeek said:

    @25z2 said:
    Hey, is anyone willing to make themselves available for me to check my current direction of travel with at all? Don't want spoilers or obvious gotchas on here, but would appreciate someone who has been successful sounding me out.
    Thanks in advance.

    Feel free to hit me up.

    Will do, cheers.

  • 5am5am
    edited May 2018

    Spoiler Removed - Arrexel

  • Any hint?

  • A useful check to keep in mind for a lot of things is: if something doesn't work, what's different between the methods? Check the response that wfuzz/dirb receives and see how it differs with your browser. What can you change to make the environment between them the same?

    berninator
    Out of practice OSCP

  • @berninator said:
    A useful check to keep in mind for a lot of things is: if something doesn't work, what's different between the methods? Check the response that wfuzz/dirb receives and see how it differs with your browser. What can you change to make the environment between them the same?

    Done! Thank you

  • I'm using Burp Suite's Intruder feature to fuzz the URL, however I'm not getting any hits and not sure what to check next. All the statuses are 200 with Not Found in the response. Same results with wfuzz. Any hints?

  • Hello guys

    I read all your posts and I am having a hard time solving this CTF because I am also new to CTFs. The thing is that I tried Fuzzer and dirb in every possible way, including changing the parameters (e.g. /panel.php?FUZZER=FUZZER or FUZZER.php?), but it still doesn't work. Can someone PM me to just tell me what I am doing wrong? I don't want the solution straight away, just tell me what I am doing wrong. Thank you :)

  • edited February 2018

    GOT IT GUYS THX

  • Could someone point me in the right direction? Tried bruteforcing user, sql inject. Fuzzed the urls and found panel.php, but it is a direct redirect. Tried to fuzz any parameters in the form of FUZZ=FUZZ but also did not succeed, now I am stuck.

  • @thechib12 - what's the most basic way to bypass the login form? Do this first. And then go to work fuzzing.

    cyb3rsinn3r
    | A+ | Net+ | Sec+ | CySA+ | CASP | CISSP |
    aut inveniam viam aut faciam

  • @n3tc4t said:
    @thechib12 - what's the most basic way to bypass the login form? Do this first. And then go to work fuzzing.

    Ye found it already, was thinking too much I forgot the most simple things

  • I'm getting nowhere on this, I've bypassed the login and now I'm stumped. Tips and hints would be much appreciated, thanks :)

  • @H1LNDR, after bypassing the login you need to figure out where else you can go. You're currently HOME. Go somewhere else.

  • @Boakill said:
    @H1LNDR, after bypassing the login you need to figure out where else you can go. You're currently HOME. Go somewhere else.

    LITERALLY, just completed it there, haha, thanks <3

  • Still stuck on this, I got the username/password but after fuzzing the crap out of the url, I still can't find the keyword to use to go somewhere other than HOME.

  • @meni0n @Boakill has given a great clue!

  • edited March 2018

    Can't get through the panel

  • @Boakill said:
    @H1LNDR, after bypassing the login you need to figure out where else you can go. You're currently HOME. Go somewhere else.

    How to do it, when the fuzzing techniques you use send back not found?

  • @emkac said:

    @Boakill said:
    @H1LNDR, after bypassing the login you need to figure out where else you can go. You're currently HOME. Go somewhere else.

    How to do it, when the fuzzing techniques you use send back not found?

    You're overthinking it. The answer is simple, but insanely frustrating. Think about what you are looking for on the box. Try going there.

  • @MackyNous said:
    Can't get through the panel

    What is the easiest type of web login bypass? Try it

  • @meni0n said:
    Still stuck on this, I got the username/password but after fuzzing the crap out of the url, I still can't find the keyword to use to go somewhere other than HOME.

    Check my answer to emkac 2 spaces up.
