Jerry

@packetrider said:
!!! damnit! that was it… I had it from the beginning but someone / everyone changed the password.

This is basically typical problem of a small dXck. What can do a sad, rejected person with a small dXck? Spoiling others fun is the only option. I think you should demonstrate more empathy. Life of someone who always has to pay for ■■■ is not a piece of cake …

I tried that password like 20 times… now it works… this machine sucks…

I finally got this machine. Getting in is hard because the password keeps getting reset. I just got lucky.

This box sucks. I’ve got the password, it works then when I try the next part of the exploit the password no longer works. Even after a reset, a few min later the password no longer works. Total waste of time.

@murp said:
This box sucks. I’ve got the password, it works then when I try the next part of the exploit the password no longer works. Even after a reset, a few min later the password no longer works. Total waste of time.

It’s because the password gets changed by someone everytime…

Well, I am able to login to manager/status, but when I try those creds to manager/html, I got 403 immediately. If I try other credentials I was asked for usr:pwd again, so I assume there is something going on. WTF:D

Looks like it started working good.
There should be some monitoring for trolling in place.

Well, that was an easy one :slight_smile:

Anyone want to PM me a hint on this one? I’m new to this and I think this one should be easy but I can’t find a way to brute force the login page.

Hi n0bf, bruteforce was not the right way :slight_smile:
If you have find the login page, you can try to find information to connect without bruteforce

Where is the user.txt file it isn’t in public or admin desktop files, and they’re all that I can see.
Also people keep resetting my webshell, you cannot use it, goes to my lhost…

rooted :frowning:

probably the easiest host ever, a bit over 5 min. for all

2…txt is weak!!!

Wow that was too easy… :smiley:

can people not change the password…

basic enumeration will get you in

owned, very annoying box if you’re not vip, reset is mandatory before any exploit.
available for PM as usual :wink:

Hi Can a friend help me ? I found a username password but it isn’t true complete

If it wasnt for the issues with logging in I would have solved this one in un der 10 minutes as many people have mentioned. Very easy box, all the answers are available through enumeration and quick google search if your not familiar.