Admirer

Hey guys
can you please provide me with a hint regarding the login page?
i am stuck after getting the d***.s** & h*** files
tried dirb, dirbuster, gobsuter using some different combinations

those who got users, just for saving time, is dirbusting necessary?
or, itā€™s more than necessary?

Found the c***** file, got the files off the low port. Sounds like I need more fuzzing for the login page but so far I am :frowning: Iā€™ve been gobustering and wfuzzing for a few hours.

Tips welcome.

Iā€™m always bewildered to see that some straight forwards names or passwords are not in the most basic wordlistsā€¦

Rooted ! Great box made up by @GibParadox and @polarbearer

Type your comment> @Bl00dMoon said:

Rooted ! Great box made up by @GibParadox and @polarbearer

Glad you liked it :slight_smile:

Dudes rocked it. Thanks for putting in the work.
Felt super uncomfortable at various stages but those are lessons that wonā€™t soon be forgotten.
Be like water. Flow.

Thanks for being alive @GibParadox and @polarbearer
Stay safe.

That box is extremely annoyingā€¦ by the look of it thereā€™s a fake db, with half-fake credentials for itā€¦

Iā€™ve been trying dirb, dirbuster, wfuzz on a specific directory using differnt wordlists for hours and I can not find any login pageā€¦ I will appreciate any nudge on that ^^ā€™

Ive found a lot of really useful stuff but cant seem to use any of it.
been doing some hardcore fuzzing for a while now with no luck to proceed

This is my second box, Iā€™ve been fuzzing the ā– ā– ā– ā–  out of it but canā€™t seem to find anything useful except for the excluded directory and a foothold of the services running on the box. If you have any hint or youā€™d like to help I really appreciate it!

How did you solve ā€œConnection Refusedā€? Can someone PM me on this? I did all I thought possible problem.

I keep getting a Connection Refused everytime i run dirbuster Idk why !!

Type your comment> @shaswata56 said:

those who got users, just for saving time, is dirbusting necessary?
or, itā€™s more than necessary?

IMO, youā€™ll need to at two stages unless you take some semi-creative guesses. What you are looking for is in many of the wordlists though, you just have to look in the right spot. There are only a couple so donā€™t get too far off track.

Okay, I give up. Iā€™ve dirbā€™ed the ā– ā– ā– ā–  out of this thingā€¦ I think. Iā€™ve found usernames and passwords, none of which work on the middle port. Some people say thereā€™s a login page but I havenā€™t yet found that. Iā€™ve looked for all .php files in the directories I know about, tried w*-an but it says the page isnā€™t running word***. So thatā€™s probably a rabbit hole, yeah?

On the plus side, Dust on the Interstellar OST is legit.

Type your comment> @edoardop said:

This is my second box, Iā€™ve been fuzzing the ā– ā– ā– ā–  out of it but canā€™t seem to find anything useful except for the excluded directory and a foothold of the services running on the box. If you have any hint or youā€™d like to help I really appreciate it!

@Mapperist said:
Okay, I give up. Iā€™ve dirbā€™ed the ā– ā– ā– ā–  out of this thingā€¦ I think. Iā€™ve found usernames and passwords, none of which work on the middle port. Some people say thereā€™s a login page but I havenā€™t yet found that. Iā€™ve looked for all .php files in the directories I know about, tried w*-an but it says the page isnā€™t running word***. So thatā€™s probably a rabbit hole, yeah?

On the plus side, Dust on the Interstellar OST is legit.

:smiley:
Iā€™m pretty much like you. Donā€™t worry, even if you had the login page, the credentials donā€™t work there. Not surprising because one of the said credential has a typo in it where it was found so it CANT work as it is ā€¦

Type your comment> @lebutter said:

Type your comment> @edoardop said:

This is my second box, Iā€™ve been fuzzing the ā– ā– ā– ā–  out of it but canā€™t seem to find anything useful except for the excluded directory and a foothold of the services running on the box. If you have any hint or youā€™d like to help I really appreciate it!

@Mapperist said:
Okay, I give up. Iā€™ve dirbā€™ed the ā– ā– ā– ā–  out of this thingā€¦ I think. Iā€™ve found usernames and passwords, none of which work on the middle port. Some people say thereā€™s a login page but I havenā€™t yet found that. Iā€™ve looked for all .php files in the directories I know about, tried w*-an but it says the page isnā€™t running word***. So thatā€™s probably a rabbit hole, yeah?

On the plus side, Dust on the Interstellar OST is legit.

:smiley:
Iā€™m pretty much like you. Donā€™t worry, even if you had the login page, the credentials donā€™t work there. Not surprising because one of the said credential has a typo in it where it was found so it CANT work as it is ā€¦

Actually, is not the creds that has a typo. The p*p file you need is something beween the name of the machine and the r*****.t** directory. Just no ā€œ-ā€. This might be a spoiler, but it was the strangest part of the box. PM me for more (as far as I have reached ofc)

Hey guys, has that damnable ptmer script worked for anyone after finding the login ? Otherwise everything seems to require auth.

Why is this box rated so bad? I liked the idea. Sure there are some rabbit holes but the way of connecting the points to get user is really nice.

Type your comment> @AXANO said:

GOT USER. crazy box full of rabitholes. it is easily a hard box

Made me laugh :slight_smile: I like you.