Sense

Gotten the username now. Any hint on the password?

@weilunnn said:
Gotten the username now. Any hint on the password?

Apparently it is in the same location as the username.
Could you send me a PM on the extension list you used? Ran dirbuster for a few hours yesterday, but found nothing of use…

@k005 said:

@weilunnn said:
Gotten the username now. Any hint on the password?

Apparently it is in the same location as the username.
Could you send me a PM on the extension list you used? Ran dirbuster for a few hours yesterday, but found nothing of use…

Just ask yourself “what is the basic kind of file where you can store data?” then you have your answer. And when using dirbuster don’t look for too many extensions…

Found login. Thanks.

Having a lot of trouble with enumeration. Exhausted all lists I could with various file extensions but only turned up one interesting file. Haven’t found anything credential-related and I’m quite lost with what to do. Any guidance would be much appreciated either here or DM.

@keramas said:
Having a lot of trouble with enumeration. Exhausted all lists I could with various file extensions but only turned up one interesting file. Haven’t found anything credential-related and I’m quite lost with what to do. Any guidance would be much appreciated either here or DM.

If you don’t knock on the right door, you’ll find nothing… Go back to your nmap scan.

@1nitiative said:

@keramas said:
Having a lot of trouble with enumeration. Exhausted all lists I could with various file extensions but only turned up one interesting file. Haven’t found anything credential-related and I’m quite lost with what to do. Any guidance would be much appreciated either here or DM.

If you don’t knock on the right door, you’ll find nothing… Go back to your nmap scan.

Thanks for the reply.

I’ve re-scanned and looked at everything again, but I feel like I’m taking crazy pills because I am not seeing anything of interest.

The needed file finally populated… Not sure why it didn’t show up the last 2 times I ran this wordlist. The only thing I changed was speed this time, which I wouldn’t think would affect it.

Was able to complete Sense, but not sure if it was the “correct” way. Didn’t seem easy to me compared to the other machines labeled as easy. Would appreciate a PM indicating how it should be done.

I got root on this box. I failed to enum, I spent like 5 hours with a vuln that got me nowhere. I overlooked something very basic, the exploit is actually really easy.

So can anyone help me out with the password for the application login? I found the username, but I’m stumped on the PW. Feel free to PM me if you want.

I just started working on Sense after a frustrating endeavor with Bashed. I used the default wordlist with php,html,txt, still no luck on the “page”

@NinjaRockstar said:
So can anyone help me out with the password for the application login? I found the username, but I’m stumped on the PW. Feel free to PM me if you want.

Think about what the file is telling you, there is another post on here with a hint on this too, the clue is in that file.

I’ve been going crazy for 2 days now. Either I’ve run the correct wordlist with the right extensions and the “file” isn’t as obvious as everyone is saying or I have no idea what I am doing wrong. Please give me something?

I can’t find this ■■■■ file and I’m frustrated as a 40 year old virgin. txt,info,text,dat,data,sql and every wordlist I can find… Can someone PM me with a hint or a prayer.

OK I officially smashed Sense. I’m no longer a 40 year old virgin LOL

I logged into the portal and tried the “dir” exploit with no success. Now I am clueless.
Please, a nudge is required. Can DM to discuss.

For those who are still stuck in the first phase:

  1. I was stuck for 5 days, dirbuster and dirb are hit or miss. Have patience. I got it right the 15th time.
  2. When I found out the password I’ve never felt so stupid. As others in the forum said, it’s right in front of your face.

Why can’t I access the area needed post auth?

So having just done this box (spending way too long on it), thought I would help those in need. Not a spoiler, well not in my opinion. I found the file (not telling you the extension) eventually, but it’s only in two of my wordlists. Both of those are in /usr/share/wordlists/dirbuster/ - there are only 7 wordlists in there and it’s in 2 of them!

My enumeration is fine but I might think that it’s embarrassing because when I bruteforce the URL, I’ve got only error 403 and 301. Is that normal? That’s why I’m stuck :wink: Just a file which is logs, but nothing interesting! Thanks