Edit: Got creds and logged in to /b*****. Found the .p* and .s* files. Seems like there’s something else going on but I need to figure out how to access it.
Two hackers compromised this box, and one marked it as very hard while other marked as very easy. I wander why some people mark very hard boxes as very easy? What does that mean?
Obviously it could not be really very easy. How is it possible to spend several hours for researches and say that it was very easy?)
I could be wrong but I assume the person who rated it really easy might be trolling since it took first blood 7 hours to even get first blood user and still no root blood.
Two hackers compromised this box, and one marked it as very hard while other marked as very easy. I wander why some people mark very hard boxes as very easy? What does that mean?
Obviously it could not be really very easy. How is it possible to spend several hours for researches and say that it was very easy?)
If you remember, first 11 guys marked Unattended like very easy box
i am noob , just started pentesting , i did dirb and got b***** dir and default web page , can any one tell me what do next its quite confusing , please PM me
i am noob , just started pentesting , i did dirb and got b***** dir and default web page , can any one tell me what do next its quite confusing , please PM me
I don’t mean to be brash, but if you’re a true “newbie”, then I’d suggest starting on an easier box. This box has been rated “Insane” by the creator/mods, so if I were you I’d maybe take a crack at boxes like “Help”, “Netmon” or “Bastion” to get your feet wet. Then, maybe try moving towards more difficult boxes.
I will tell you truthfully that, if you’re already struggling to bypass the default h*** a*** on the /b***** directory then you are definitely going to struggle with the ensuing steps as well… (it doesn’t get any easier!).
i am noob , just started pentesting , i did dirb and got b***** dir and default web page , can any one tell me what do next its quite confusing , please PM me
I don’t mean to be brash, but if you’re a true “newbie”, then I’d suggest starting on an easier box. This box has been rated “Insane” by the creator/mods, so if I were you I’d maybe take a crack at boxes like “Help”, “Netmon” or “Bastion” to get your feet wet. Then, maybe try moving towards more difficult boxes.
I will tell you truthfully that, if you’re already struggling to bypass the default h*** a*** on the /b***** directory then you are definitely going to struggle with the ensuing steps as well… (it doesn’t get any easier!).
Do you have to bruteforce the second login? Because it’s as brittle as crackers and immediately starts timing out as soon as I start testing against it and have to restart the server.
Edit: I haven’t made it past the second login yet, but based on what I found at another place I don’t think you need to bruteforce it. They probably wouldn’t have given us what they did if you had to.