Jerry

Easy and simple box, nothing complicated; basic enum will let you own it in a matter of minutes. I like those kinds of boxes; they represent simple misconfigurations in real production environments.
+1 to the creator

+1

@Cryovenom said:
Yeah, I couldn’t get into this box last night to save my life. This morning about a minute after someone reset the box I was able to try and get manager access just using a list of default credentials. So if anyone was banging their head against the wall on this one, reset it and give it another try.

Oh, and for anyone who doesn’t spend a lot of time on Windows, “type” is the Windows equivalent of “cat” when you finally find the flag text file.

You should not give that much out… I mean this machine is easy, so this stuff is the minimum to research if you are new… just my perspective though. :slight_smile:

@w31rd0 said:
You should not give that much out… I mean this machine is easy, so this stuff is the minimum to research if you are new… just my perspective though. :slight_smile:

Yeah, the box is easy; it’s hard not to give too much away while helping people not go crazy from the fact that some jackass keeps changing the password. (And type == cat isn’t a spoiler, just saving them a 30 sec Google search.)

I was getting frustrated on this box, and it helps knowing if you were on the right track. Else you might never go back and re-do your initial stages and figure it out.

What is wrong with this machine? Even after a reset, the username and password don’t work anymore.

I tried all the default credentials but still can’t get it… what am I missing here…

Enumerate more, enumerate more :wink:

@packetrider said:
!!! Damn it! That was it… I had it from the beginning but someone / everyone changed the password.

This is basically a typical problem of a small dXck. What can a sad, rejected person with a small dXck do? Spoiling others’ fun is the only option. I think you should demonstrate more empathy. Life of someone who always has to pay for ■■■ is not a piece of cake …

I tried that password like 20 times… now it works… this machine sucks…

I finally got this machine. Getting in is hard because the password keeps getting reset. I just got lucky.

This box sucks. I’ve got the password, it works then when I try the next part of the exploit the password no longer works. Even after a reset, a few min later the password no longer works. Total waste of time.

@murp said:
This box sucks. I’ve got the password, it works then when I try the next part of the exploit the password no longer works. Even after a reset, a few min later the password no longer works. Total waste of time.

It’s because the password gets changed by someone every time…

Well, I am able to log in to manager/status, but when I try those creds on manager/html, I get a 403 immediately. If I try other credentials I am asked for usr:pwd again, so I assume there is something going on. WTF :D

Looks like it started working good.
There should be some monitoring for trolling in place.

Well, that was an easy one :slight_smile:

Anyone want to PM me a hint on this one? I’m new to this and I think this one should be easy but I can’t find a way to brute force the login page.

Hi n0bf, bruteforce was not the right way :slight_smile:
If you have found the login page, you can try to find information to connect without bruteforce.

Where is the user.txt file? It isn’t in public or admin desktop files, and they’re all that I can see.
Also people keep resetting my webshell, you cannot use it, goes to my lhost…

rooted :frowning:

Probably the easiest host ever, a bit over 5 min. for all.