Type your comment> @Tilia said:
You would have never figured out that the higher port works as a database, you figure out this reading these posts in the thread. Now a simple question: everything you can get doing basic recon on the box - running dirb, for example, will only give you unavailable “directories” and a couple of available ones, and when you try to access them, you see nothing. There would be no problem if it would not be a nginx server but some node js. And again folks post “that helped me so much”-like comments thinking it is helpful, but it is more confusing I would say. So yeah, I would have probably never figured out that the higher port works as a database unless some of you posted this, because there is literally no any single pointer to this, and it contains literally useless garbage, nor anything useful giving me an idea about how to extract data.
Some guys find this box frustrating, and the main problem of this is that it’s rated as a simple box and requires hard work. You were probably expecting that you would own the box in 30 minutes after its release or so, but no, there you go.
I am sorry if you guys find this post a toxic one. But that’s exactly what happens in my mind right now. It’s not a tragedy, but I can’t find a foothold to get user at least.
When you got the user you realize it’s easier than you ever though.
Just squeeze all the info you can get from the needle. Do not overthink as I did.