Sense

I tried a lot of sources for dirbuster, wfuzz, etc., also with a lot of extensions (e.g. html, xml, txt, sh, db, etc.), but the only interesting file found was one that says “installation” (to avoid spoilers). Here I do not see a user or password (at least, I have tried “all” combinations with the words inside this page), so maybe I’m not on the right track lol. Can someone help me?
thanks in advance!!

This thing is killing me lol. I’ve been using the default lists in dirbuster. Not sure how long I’m supposed to be letting it run. Using the extensions php, txt, and html.

Not sure what speed I should be using. Upped it to 500 threads cause it seems like at that speed it errors out more. Any help would be greatly appreciated.

Thanks

How is this box rated as easy? I am having a hard time finding the dir… Any help please…

Don’t overthink the dirbuster params, it was my mistake too… you must be patient to get the correct dir.

Losing it here. I’m in the group that has tried multiple lists, multiple programs, and multiple extensions (mainly stuck to txt) with no luck. Any DMs with a nudge are appreciated.

Thanks for the nudges. Got it; it was just a matter of finding the ■■■■ file. user to root was a matter of a couple minutes. Keep faith and don’t quit on enumeration.

Found some extra directories… but still no luck finding something inside.

Any kick in the right direction on how to ask the busters? (Actually I was luckier with gobuster than dirbs.)

@lookash said:
Found some extra directories… but still no luck finding something inside.

Any kick in the right direction on how to ask the busters? (Actually I was luckier with gobuster than dirbs.)

I also found a dir but nothing more than that… can you PM me so we can talk about it :slight_smile:

First stage details found and have access to a web UI. Found two command injection vulnerabilities for it, but one requires more privileges than the user I have has. The other is older and I can’t get it to work. Any hints?

@briyani said:
I am also stuck with this machine. but it is rated as easy. Wondering what am I missing… :confused:

You need to enumerate: run dirbuster, and if you know how you store information, also search for file exts :wink:

Tried dirbuster/dirb with default list… not getting anywhere… is there any specific fuzz list that has to be used?

Finally finished with this box, four hours of dirbuster to find what I needed (admittedly I may have overdone the extensions list), then 10 minutes to root the box. Technically it is easy but ■■■■ is it frustrating.

To answer a couple Qs on here without being spoilery:

  • I used one of the default dirbuster wordlists.
  • When you find the thing you need, it should be obvious. Don’t overthink things.
  • There’s another something you may find that will give you an idea of what to investigate next (though it’s likely something you’d do anyway)

I hope that’s not too confusing or close to being a spoiler, I’m new to all this.

I think the point of this box is to teach you patience and not to quit on your enumeration.

Need some help on the dirbuster part. Couldn’t find anything useful at all.

Gotten the username now. Any hint on the password ?

@weilunnn said:
Gotten the username now. Any hint on the password ?

Apparently it is in the same location as the username.
Could you send me a PM on the extension list you used? Ran dirbuster for a few hours yesterday, but found nothing of use…

@k005 said:

@weilunnn said:
Gotten the username now. Any hint on the password ?

Apparently it is in the same location as the username.
Could you send me a PM on the extension list you used? Ran dirbuster for a few hours yesterday, but found nothing of use…

Just ask yourself “what is the basic kind of file where you can store data?” then you have your answer. And when using dirbuster don’t look for too many extensions…

Found login. Thanks.

Having a lot of trouble with enumeration. Exhausted all lists I could with various file extensions but only turned up one interesting file. Haven’t found anything credential-related and I’m quite lost with what to do. Any guidance would be much appreciated either here or DM.

@keramas said:
Having a lot of trouble with enumeration. Exhausted all lists I could with various file extensions but only turned up one interesting file. Haven’t found anything credential-related and I’m quite lost with what to do. Any guidance would be much appreciated either here or DM.

If you don’t knock on the right door, you’ll find nothing… go back to your nmap scan.

@1nitiative said:

@keramas said:
Having a lot of trouble with enumeration. Exhausted all lists I could with various file extensions but only turned up one interesting file. Haven’t found anything credential-related and I’m quite lost with what to do. Any guidance would be much appreciated either here or DM.

If you don’t knock on the right door, you’ll find nothing… go back to your nmap scan.

Thanks for the reply.

I’ve re-scanned and looked at everything again, but I feel like I’m taking crazy pills because I am not seeing anything of interest.