Sense

The intended way is the way that you did it. You got them both using the same method, right?

I’m sorry, I’m still a bit lost. I feel like I’m missing a crucial piece of information. I’ve found these files and some information that gives me a username (Sorry, I’m trying to be vague), but I still don’t have a way of getting a password. I could try guessing passwords, but the box has a lockout after so many passwords, so that is pretty useless unless I’m gonna sit here and keep resetting the box. I’ve been scanning and scraping for a week now hoping that I’d find something else that I’m missing. I’ve checked certificates, cookies, directories, etc… Once I get this one piece, the exploit is obvious, but I’m lost on what I’m missing and I don’t seem to be making any more progress.

@5aru - the username and password are located in the same exact place. Think about what software the machine is running and then read what the file says about the user’s password. One thing that tripped me up - the username is capitalized when you read it, but the correct username to log in with is not. Hope that helps.

That was it, thank you. I assumed the username was exactly as it appeared

@5aru said:
That was it, thank you. I assumed the username was exactly as it appeared

Same. This tripped me up for a hot minute. Congrats.

Totally lost SENSE in this box. Did dirbuster but couldn’t find anything useful. Can anyone PM me the hint?

Guys, hint on what to do after login? I’ve tried many exploits

@MrRobotty try playing with dirb or nmap and continue the journey …

Can someone shoot me a PM please? I found a spot to upload … this the right path?

use wfuzz with a specific extension

@roguesecurity said:
Totally lost SENSE in this box. Did dirbuster but couldn’t find anything useful. Can anyone PM me the hint?

+1

If you don’t find it with dirbuster, then try another tool; dirbuster can be good and very bad.

Got user and root. Extremely sensible.

Let me see if I got it right: it will be a file on web server that discloses the login credentials?

@zelsonm1 said:
Let me see if I got it right: it will be a file on web server that discloses the login credentials?

It is rated as ‘easy’… it took me a week to figure it out.

More like took a week to hit the dirbuster wordlist lottery. I get enumeration is supposed to be the name of the game with these boxes, but you don’t need to make it obnoxious. Just choose common wordlist entries, the result is the same whether you bruteforce for an hour or a minute.

@Pratik said:
Got user and root. Extremely sensible.

I am inside the panel; can you guide me on what to do further? I saw a place where I can upload files. I don’t know where these files are getting stored, so if I upload a shell I don’t know its path.

@D4n1aLLL try harder. Enumerate more, do some research and you will find the answer

So have the login credentials changed, since the default ones are not working?

@netarg said:
More like took a week to hit the dirbuster wordlist lottery. I get enumeration is supposed to be the name of the game with these boxes, but you don’t need to make it obnoxious. Just choose common wordlist entries, the result is the same whether you bruteforce for an hour or a minute.

Glad it’s not only me who has struggled with this. It has taken longer to do enum on this host than any other. Totally agree with the point about the common wordlist values or a cell on website text.