Smasher2

If you remember, first 11 guys marked Unattended like very easy
they must be jokers)

Login page it’s a rabbit hole?
Do I need to make a brute force the login page?

root is amazing, fell in love

I feel like i’ve gotten nowhere on this box.

anyone succeed authenticate on b***** dir?

@Moshker yeah, feel free to PM, although I’m stuck at the next bit :stuck_out_tongue:

Type your comment> @Moshker said:

anyone succeed authenticate on b***** dir?

Yes. I used the big list but it took forever. Ran is overnight. Then I figured out box creator dropped a hint on how to grep the right stuff xD

Do I need to brute or find SQLi on w********r page?

Looking for some help with a a***.*y script??? I got the creds now dont know how to leverage the info inside. PM if you can help thanks

So sad

i am noob , just started pentesting , i did dirb and got b***** dir and default web page , can any one tell me what do next its quite confusing , please PM me

Type your comment> @kartik007 said:

i am noob , just started pentesting , i did dirb and got b***** dir and default web page , can any one tell me what do next its quite confusing , please PM me

I don’t mean to be brash, but if you’re a true “newbie”, then I’d suggest starting on an easier box. This box has been rated “Insane” by the creator/mods, so if I were you I’d maybe take a crack at boxes like “Help”, “Netmon” or “Bastion” to get your feet wet. Then, maybe try moving towards more difficult boxes.

I will tell you truthfully that, if you’re already struggling to bypass the default h*** a*** on the /b***** directory then you are definitely going to struggle with the ensuing steps as well… (it doesn’t get any easier!).

Type your comment> @Farbs said:

Type your comment> @kartik007 said:

i am noob , just started pentesting , i did dirb and got b***** dir and default web page , can any one tell me what do next its quite confusing , please PM me

I don’t mean to be brash, but if you’re a true “newbie”, then I’d suggest starting on an easier box. This box has been rated “Insane” by the creator/mods, so if I were you I’d maybe take a crack at boxes like “Help”, “Netmon” or “Bastion” to get your feet wet. Then, maybe try moving towards more difficult boxes.

I will tell you truthfully that, if you’re already struggling to bypass the default h*** a*** on the /b***** directory then you are definitely going to struggle with the ensuing steps as well… (it doesn’t get any easier!).

thank you and i will take your suggestion

so is B**** Fing the J on the second log** the correct way or does the .s file have the thing in it to get in?

Do you have to bruteforce the second login? Because it’s as brittle as crackers and immediately starts timing out as soon as I start testing against it and have to restart the server.

Edit: I haven’t made it past the second login yet, but based on what I found at another place I don’t think you need to bruteforce it. They probably wouldn’t have given us what they did if you had to.

.

Man… This was a ■■■■ of a challenge… Many, many hours staying up and trying to get it, but with the help of a couple of lovely people on this site, we managed to finally get root! Thanks @dzonerzy and @xG0 for the wild ride, can’t wait for Smasher3!

Type your comment> @n0x90 said:

dzonerzy dropped a hint - I’m sure he won’t mind me sharing: user: admin, password beginning wth C. common.

thanks dzonerzy :heart:

sorry make that an ‘a’, no its DEFINITELY A ‘C’ rockyou baby

Is this true, been rocking it for a long time now…

What a beauty root, love it … truly…
Anyone here to discuss the ways for the user :smiley: ? I’m curious about the methods to get it s:
btw, why this smasher2 box gives no badge ? :open_mouth:
cheers!

Type your comment> @keithschm said:

Type your comment> @n0x90 said:

dzonerzy dropped a hint - I’m sure he won’t mind me sharing: user: admin, password beginning wth C. common.

thanks dzonerzy :heart:

sorry make that an ‘a’, no its DEFINITELY A ‘C’ rockyou baby

Is this true, been rocking it for a long time now…

)It is true but grep for “c” (lowercase c)