Sense

@RPSUK said:
OK, so I’m obviously not using dirbuster, dirb or wfuzz correctly, because no matter what list I use or extension I search for, I’m not finding anything of use… Can someone PM me with a nudge, so as not to spoil it for anyone else…

Check DM

Okay guys, so after having a short break, I’ve just got back to HTB not even ten minutes ago. And now I own Sense. Exact p0wning time: less than 10 minutes. And that’s because of my wordlist, no doubt. I’m sure some people may do better than myself. I have to admit that p0wning Sense is insanely easy. So for those that think it’s frustrating, some comments:

  1. Enumerate. No surprises here. Do it with default wordlists, and don’t overthink the extension.

  2. If the enumeration is taking more than 10 minutes, you are probably not using the right wordlist.

  3. Then, grab those findings and look for default vulnerabilities. Exploit them with something that has been already coded, no worries about charset or anything like that if you are lazy (like me), then go default.

Cheers,

Hello all!
I’ve been working this box for a week with dirbuster and can’t seem to get any results. I’ve used all the lists in dirbuster / dirb / and the SecLists-master list. I’ve also used extensions ranging from just .txt to a robust listing of extensions. I’m sure I’m missing something small, but would appreciate if I could chat with someone to see what I’m missing. Until then I’ll keep trying different tool setting combos with different lists.

Thanks!

@TylerDurden said:
Hello all!
I’ve been working this box for a week with dirbuster and can’t seem to get any results. I’ve used all the lists in dirbuster / dirb / and the SecLists-master list. I’ve also used extensions ranging from just .txt to a robust listing of extensions. I’m sure I’m missing something small, but would appreciate if I could chat with someone to see what I’m missing. Until then I’ll keep trying different tool setting combos with different lists.

Thanks!

Did you try dirbuster with extensions? Which of them did you try?

Hello All,
I am logged in to the interface and can inject code, but I’m not sure what else to do from this point. There are a few vulns for this version, but I can only get simple code to work. Any help would be great.

Enumerate more and use Google. There are already several scripts etc. for vulns.

@mokrea said:

@TylerDurden said:
Hello all!
I’ve been working this box for a week with dirbuster and can’t seem to get any results. I’ve used all the lists in dirbuster / dirb / and the SecLists-master list. I’ve also used extensions ranging from just .txt to a robust listing of extensions. I’m sure I’m missing something small, but would appreciate if I could chat with someone to see what I’m missing. Until then I’ll keep trying different tool setting combos with different lists.

Thanks!

Did you try dirbuster with extensions? Which of them did you try?

Hi, I am also stuck with this box. Could you please PM me with the extension you used? All the extensions I have tried are not giving me anything.

@gregX01 said:

@mokrea said:

@TylerDurden said:
Hello all!
I’ve been working this box for a week with dirbuster and can’t seem to get any results. I’ve used all the lists in dirbuster / dirb / and the SecLists-master list. I’ve also used extensions ranging from just .txt to a robust listing of extensions. I’m sure I’m missing something small, but would appreciate if I could chat with someone to see what I’m missing. Until then I’ll keep trying different tool setting combos with different lists.

Thanks!

Did you try dirbuster with extensions? Which of them did you try?

Hi, I am also stuck with this box. Could you please PM me with the extension you used? All the extensions I have tried are not giving me anything.

Also stuck on this one.

I tried a lot of sources for dirbuster, wfuzz etc., also with a lot of extensions (e.g. html, xml, txt, sh, db etc.), but the only interesting file found was one that says “installation” (to avoid spoilers), but here I do not see a user or password (at least, I have tried “all” combinations with the words inside this page), so maybe I’m not on the right way lol. Can someone help me?
Thanks in advance!!

This thing is killing me lol. I’ve been using the default lists in dirbuster. Not sure how long I’m supposed to be letting it run. Using the extensions php, txt, and html.

Not sure what speed I should be using. Upped it to 500 threads cause it seems like at that speed it errors out more. Any help would be greatly appreciated.

Thanks

How is this box rated as easy? I am having a hard time finding the dir… Any help please…

Don’t overthink the dirbuster params, it was my mistake too… You must be patient to get the correct dir.

Losing it here. I’m in the group that has tried multiple lists, multiple programs, and multiple extensions (mainly stuck to txt) with no luck. Any DMs with a nudge are appreciated.

Thanks for the nudges. Got it; it was just a matter of finding the ■■■■ file. user to root was a matter of a couple minutes. Keep faith and don’t quit on enumeration.

found some extra directories… but still no luck finding something inside.

Any kick the right way how to ask busters (actually I was luckier with gobuster than dirbs)

@lookash said:
found some extra directories… but still no luck finding something inside.

Any kick the right way how to ask busters (actually I was luckier with gobuster than dirbs)

I also found a dir but nothing more than that… Can you PM me so we can talk about it 🙂

First stage details found and have access to a web UI. Found two command injection vulnerabilities for it, but one requires more privileges than the user I have has. The other is older and I can’t get it to work. Any hints?

@briyani said:
I am also stuck with this machine, but it is rated as easy. Wondering what I am missing… 😕

You need to enumerate: run dirbuster, and if you know how you store information, also search for file exts 😉

Tried dirbuster/dirb with the default list… not getting anywhere… Is there any specific fuzz list that has to be used…

Finally finished with this box, four hours of dirbuster to find what I needed (admittedly I may have overdone the extensions list), then 10 minutes to root the box. Technically it is easy but ■■■■ is it frustrating.

To answer a couple Qs on here without being spoilery:

  • I used one of the default dirbuster wordlists.
  • When you find the thing you need, it should be obvious. Don’t overthink things.
  • There’s another something you may find that will give you an idea of what to investigate next (though it’s likely something you’d do anyway)

I hope that’s not too confusing or close to being a spoiler, I’m new to all this.

I think the point of this box is to teach you patience and not to quit on your enumeration.