Smasher2

Type your comment> @SpaceMoehre said:

The site says: “Please no…” xD

Only managed to find that single web dir…

Edit: Got creds and logged in to /b*****. Found the .p* and .s* files. Seems like there’s something else going on but I need to figure out how to access it.

Two hackers compromised this box, and one marked it as very hard while other marked as very easy. I wander why some people mark very hard boxes as very easy? What does that mean?

Obviously it could not be really very easy. How is it possible to spend several hours for researches and say that it was very easy?)

I could be wrong but I assume the person who rated it really easy might be trolling since it took first blood 7 hours to even get first blood user and still no root blood.

I didn’t had the chance to try Smasher. I’m just a poor guy using the free servers. Is it a prerequisite for Smasher2?

Type your comment> @tabacci said:

Two hackers compromised this box, and one marked it as very hard while other marked as very easy. I wander why some people mark very hard boxes as very easy? What does that mean?

Obviously it could not be really very easy. How is it possible to spend several hours for researches and say that it was very easy?)

If you remember, first 11 guys marked Unattended like very easy box

If you remember, first 11 guys marked Unattended like very easy
they must be jokers)

Login page it’s a rabbit hole?
Do I need to make a brute force the login page?

root is amazing, fell in love

I feel like i’ve gotten nowhere on this box.

anyone succeed authenticate on b***** dir?

@Moshker yeah, feel free to PM, although I’m stuck at the next bit :stuck_out_tongue:

Type your comment> @Moshker said:

anyone succeed authenticate on b***** dir?

Yes. I used the big list but it took forever. Ran is overnight. Then I figured out box creator dropped a hint on how to grep the right stuff xD

Do I need to brute or find SQLi on w********r page?

Looking for some help with a a***.*y script??? I got the creds now dont know how to leverage the info inside. PM if you can help thanks

So sad

i am noob , just started pentesting , i did dirb and got b***** dir and default web page , can any one tell me what do next its quite confusing , please PM me

Type your comment> @kartik007 said:

i am noob , just started pentesting , i did dirb and got b***** dir and default web page , can any one tell me what do next its quite confusing , please PM me

I don’t mean to be brash, but if you’re a true “newbie”, then I’d suggest starting on an easier box. This box has been rated “Insane” by the creator/mods, so if I were you I’d maybe take a crack at boxes like “Help”, “Netmon” or “Bastion” to get your feet wet. Then, maybe try moving towards more difficult boxes.

I will tell you truthfully that, if you’re already struggling to bypass the default h*** a*** on the /b***** directory then you are definitely going to struggle with the ensuing steps as well… (it doesn’t get any easier!).

Type your comment> @Farbs said:

Type your comment> @kartik007 said:

i am noob , just started pentesting , i did dirb and got b***** dir and default web page , can any one tell me what do next its quite confusing , please PM me

I don’t mean to be brash, but if you’re a true “newbie”, then I’d suggest starting on an easier box. This box has been rated “Insane” by the creator/mods, so if I were you I’d maybe take a crack at boxes like “Help”, “Netmon” or “Bastion” to get your feet wet. Then, maybe try moving towards more difficult boxes.

I will tell you truthfully that, if you’re already struggling to bypass the default h*** a*** on the /b***** directory then you are definitely going to struggle with the ensuing steps as well… (it doesn’t get any easier!).

thank you and i will take your suggestion

so is B**** Fing the J on the second log** the correct way or does the .s file have the thing in it to get in?

Do you have to bruteforce the second login? Because it’s as brittle as crackers and immediately starts timing out as soon as I start testing against it and have to restart the server.

Edit: I haven’t made it past the second login yet, but based on what I found at another place I don’t think you need to bruteforce it. They probably wouldn’t have given us what they did if you had to.