No fucking way to do anything, guys are fucking raping the box and ddosing it…
I found a login portal but seems to be a rabbit hole.
I found search engine like functionality, not sure if it’s a rabbithole, It does point to a new technology.
I found a github repo and also don’t know if it just might be a rabbithole…
This box needs good enumeration. Until now I only found rabbit holes
First blood gone…
Anyone at the v****/c******* structure?
already ordered mangos from whole foods twice.
both deliveries are overdue tho.
sad.
https: /a…tics.p.p
Happy diwali hackthebox
&login=login a little strange maybe h.dra… or pata …
Found an empty looking useless web server, one with the aforementioned “search engine like” stuff (along with an***cs.p) which yet again doesn’t seem very useful but it led to a third web serv that seems closest connection to the box’s name and has a login.
Gobuster found absolutely nothing on any, neither did manual enum. Any nudges / ideas maybe? Thanks
Could that one guy please stop dos-ing the server? Thanks.
I’ve enumerated it in any way I could think of with dirs, files, ipv6, several payloads for the search field, look for vulnerabilities in all the files/folders I could think of…
And I’m at the same point than a couple hours ago when I started, so if anybody would like to throw some hints you are very welcome.
I dont think olap.flexmonster.com are funny to use /ana…php and connect to there elasticsearch server more and more
??
Loading members…name: 300000 of 474710 loaded
And hack the box server is fighting with tons of data maybe rabbit data
I hope this is a rabbit hole I can create a query that run more days, kill htb server and flexmonster elasticsearch engine
Are we supposedd to go to c**.f*********r.com linked from the an…php page or is it just a rabbit hole?
Spent a lot of time by analyzing unnecessary stuff.
But like in real pentest you do not know in advance where is vulnerability hidden.
The same for root )
I think I found a user i*******y. Rabbit hole?