Luke


Comments

  • Hmm... easy box

    Hack The Box

    OSCP | OSWP | CPHE (CyberSecurity Analyst)

  • Rooted! Felt like I was doing a CTF again, Learnt some new stuff, so I can't complain.

  • edited May 2019

    @syan1de said:

    Rooted! Felt like I was doing a CTF again, Learnt some new stuff, so I can't complain.

    Any tips on how to come across the token? I know how to use it once I get it since it is similar to another box that's active, but I only have the txt file which I guess is a reference to some anime.

    I used dirbuster to enumerate endpoints.

  • edited May 2019

    Anyone kind enough to give me a nudge, found plenty of creds, seem unusable.... Thanks

    edit: nevermind...

    you got to eat shit to know shit

  • edited May 2019

    Authenticated into A***** but stuck. Just got a pretty much blank UI. Rabbit hole?

    Edit: Nevermind. UI is there after reset. Someone must have spooned it.

    tiger5tyle

  • @ZerkerEOD said:

    @1NC39T10N said:

    I wasted hours trying to find the second to last login screen. If you have found the mother lode of credentials and have not yet found the right place to put them, then make sure you scan port 80 using dirb NOT gobuster. The common list will do.

    Do you know why gobuster doesn't work? I found out I could use dirsearch.py also.

    Also anyone able to help me with some type of resource for the n**.j page? Can't find anything.

    Gobuster won't work by default because one of the directories in question will respond with a 403 status code, which gobuster chooses to ignore unless you configure otherwise.

  • My connection to this box is very inconsistent. I think there is a high number of people brute forcing this box.

  • I've spent a couple hours looking into this and though I've found a couple login pages, I've yet to discover any creds.

    I feel like I've glossed over it as I've checked each port, dirb/nikto/dirsearch the ports and I've been looking into n****s and I've gotten no further :/

  • @zetascrub said:

    I've spent a couple hours looking into this and though I've found a couple login pages, I've yet to discover any creds.

    I feel like I've glossed over it as I've checked each port, dirb/nikto/dirsearch the ports and I've been looking into n****s and I've gotten no further :/

    If you're looking for files that might contain credentials, remember to search for more than just directories.

    Hack The Box

  • Well that was easy, rooted! Anyone needs help PM me :)

  • I need some guidance, I found the initial credential, after that I got a list of users without a password. From here, I do not know where to go. If anyone can help PM me, thank you.

  • edited May 2019

    I need help.
    I found many credentials, none of them usable.

    Arrexel
    Ask for hints only please and give +1 respect if you like my hints. Thank you

  • I got root.txt.
    Thanks to everyone.
    FEEL FREE TO PM

  • Finally, pwned it. I've learned a new thing. Thanks, @syan1de for an awesome hint. Feel free to PM me if you got stuck.

    idealphase

  • Rooted! Thanks @idealphase for the nudge! Anyone who needs help, feel free to PM ;)

    Hack The Box

  • @Ryan412 said:
    > The moment when this is a 30 points box making it equivalent to Unattended and Arkham ...........

    This.
  • any hint to get auth token...

  • @iamsundi said:

    any hint to get auth token...

    in pm

  • Hm... This box is very ctf-like. But thanks to the author
    Hints:
    User - Enum and do it.
    Root - Just do it. =)

  • @Ralveng said:

    @iamsundi said:

    any hint to get auth token...

    in pm

    check pm

  • edited May 2019

    @agr0 said:

    Gobuster won't work by default because one of the directories in question will respond with a 403 status code, which gobuster chooses to ignore unless you configure otherwise.

    I think you meant 401 rather than 403 (gobuster will list 403 by default, but not 401.) At least that was my experience.

    lduros
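The two replies above turn on which response codes a scanner reports; on the server side, those same 401/403/404 answers are what make directory enumeration visible in the access log. The following is an added example, not code posted in the thread: the log lines, addresses, paths and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed access-log lines (common log format); none of this comes from the thread.
SAMPLE_LOG = '''\
198.51.100.7 - - [01/Jun/2019:10:00:01 +0000] "GET /admin HTTP/1.1" 404 162
198.51.100.7 - - [01/Jun/2019:10:00:01 +0000] "GET /backup HTTP/1.1" 404 162
198.51.100.7 - - [01/Jun/2019:10:00:01 +0000] "GET /config HTTP/1.1" 404 162
198.51.100.7 - - [01/Jun/2019:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 3118
198.51.100.7 - - [01/Jun/2019:10:00:02 +0000] "GET /login HTTP/1.1" 404 162
198.51.100.7 - - [01/Jun/2019:10:00:02 +0000] "GET /private HTTP/1.1" 401 195
198.51.100.7 - - [01/Jun/2019:10:00:03 +0000] "GET /secret HTTP/1.1" 403 169
198.51.100.7 - - [01/Jun/2019:10:00:03 +0000] "GET /test HTTP/1.1" 404 162
203.0.113.22 - - [01/Jun/2019:10:01:10 +0000] "GET / HTTP/1.1" 200 3118
203.0.113.22 - - [01/Jun/2019:10:01:12 +0000] "GET /private HTTP/1.1" 401 195
203.0.113.22 - - [01/Jun/2019:10:01:20 +0000] "GET /private HTTP/1.1" 200 840
'''

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) ')

def summarize(log_text):
    """Per client: request count, 401/403/404 count, distinct paths, protected paths hit."""
    stats = defaultdict(lambda: {"total": 0, "errors": 0, "paths": set(), "protected": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, status = m.group(1), m.group(2), int(m.group(3))
        entry = stats[ip]
        entry["total"] += 1
        entry["paths"].add(path)
        if status in (401, 403, 404):
            entry["errors"] += 1
        if status in (401, 403):
            # The path exists but is access-controlled: this is what a scan learns.
            entry["protected"].add(path)
    return stats

def flag_enumeration(stats, min_paths=5, min_error_ratio=0.8):
    """Flag clients that touched many distinct paths and mostly got 401/403/404 back."""
    flagged = {}
    for ip, entry in stats.items():
        ratio = entry["errors"] / entry["total"]
        if len(entry["paths"]) >= min_paths and ratio >= min_error_ratio:
            flagged[ip] = sorted(entry["protected"])
    return flagged
```

The thresholds are illustrative and need tuning against real traffic; a normal client that hits one 401 before authenticating stays below them.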

  • edited May 2019

    Hello, can someone help me? I am stuck on odd port

    Edit:
    Solved. I expected it to be more difficult. Thanks @lionelc for help with curl

  • Got root before user, is that the normal sequence? lol. Thanks for the box. Easy once you figure out the initial foothold.

    lduros

  • I have a login credential but I cannot find where to use it.
  • same here, a little stuck!!

    Hack The Box

  • Just rooted!
    Once past the initial foothold it was easy. All in all a fun box, but the root part was a bit disappointing.

  • Just rooted. Didn't like it. Root part - huge meh

  • Why do the web servers become unresponsive once I directory scan? Happens every single time, I can never fully enumerate.

  • I would appreciate some hints for this box. Please IM me .. I already have some creds.

    SiV4rPent3st

  • Rooted.
    Learned some things about port 3... Great box, thanks to the author.
    User: If you found nothing with one tool, use another.
    Play with username
    Root: Trust me: you'll see - nothing to do.
    Still stuck? PM me.
