Hey guys
can you please provide me with a hint regarding the login page?
i am stuck after getting the d***.s** & h*** files
tried dirb, dirbuster, gobsuter using some different combinations
those who got users, just for saving time, is dirbusting necessary?
or, itās more than necessary?
Found the c***** file, got the files off the low port. Sounds like I need more fuzzing for the login page but so far I am Iāve been gobustering and wfuzzing for a few hours.
Tips welcome.
Iām always bewildered to see that some straight forwards names or passwords are not in the most basic wordlistsā¦
Type your comment> @Bl00dMoon said:
Rooted ! Great box made up by @GibParadox and @polarbearer
Glad you liked it
Dudes rocked it. Thanks for putting in the work.
Felt super uncomfortable at various stages but those are lessons that wonāt soon be forgotten.
Be like water. Flow.
Thanks for being alive @GibParadox and @polarbearer
Stay safe.
That box is extremely annoyingā¦ by the look of it thereās a fake db, with half-fake credentials for itā¦
Iāve been trying dirb, dirbuster, wfuzz on a specific directory using differnt wordlists for hours and I can not find any login pageā¦ I will appreciate any nudge on that ^^ā
Ive found a lot of really useful stuff but cant seem to use any of it.
been doing some hardcore fuzzing for a while now with no luck to proceed
This is my second box, Iāve been fuzzing the ā ā ā ā out of it but canāt seem to find anything useful except for the excluded directory and a foothold of the services running on the box. If you have any hint or youād like to help I really appreciate it!
How did you solve āConnection Refusedā? Can someone PM me on this? I did all I thought possible problem.
I keep getting a Connection Refused everytime i run dirbuster Idk why !!
Type your comment> @shaswata56 said:
those who got users, just for saving time, is dirbusting necessary?
or, itās more than necessary?
IMO, youāll need to at two stages unless you take some semi-creative guesses. What you are looking for is in many of the wordlists though, you just have to look in the right spot. There are only a couple so donāt get too far off track.
Okay, I give up. Iāve dirbāed the ā ā ā ā out of this thingā¦ I think. Iāve found usernames and passwords, none of which work on the middle port. Some people say thereās a login page but I havenāt yet found that. Iāve looked for all .php files in the directories I know about, tried w*-an but it says the page isnāt running word***. So thatās probably a rabbit hole, yeah?
On the plus side, Dust on the Interstellar OST is legit.
Type your comment> @edoardop said:
This is my second box, Iāve been fuzzing the ā ā ā ā out of it but canāt seem to find anything useful except for the excluded directory and a foothold of the services running on the box. If you have any hint or youād like to help I really appreciate it!
@Mapperist said:
Okay, I give up. Iāve dirbāed the ā ā ā ā out of this thingā¦ I think. Iāve found usernames and passwords, none of which work on the middle port. Some people say thereās a login page but I havenāt yet found that. Iāve looked for all .php files in the directories I know about, tried w*-an but it says the page isnāt running word***. So thatās probably a rabbit hole, yeah?On the plus side, Dust on the Interstellar OST is legit.
Iām pretty much like you. Donāt worry, even if you had the login page, the credentials donāt work there. Not surprising because one of the said credential has a typo in it where it was found so it CANT work as it is ā¦
Type your comment> @lebutter said:
Type your comment> @edoardop said:
This is my second box, Iāve been fuzzing the ā ā ā ā out of it but canāt seem to find anything useful except for the excluded directory and a foothold of the services running on the box. If you have any hint or youād like to help I really appreciate it!
@Mapperist said:
Okay, I give up. Iāve dirbāed the ā ā ā ā out of this thingā¦ I think. Iāve found usernames and passwords, none of which work on the middle port. Some people say thereās a login page but I havenāt yet found that. Iāve looked for all .php files in the directories I know about, tried w*-an but it says the page isnāt running word***. So thatās probably a rabbit hole, yeah?On the plus side, Dust on the Interstellar OST is legit.
Iām pretty much like you. Donāt worry, even if you had the login page, the credentials donāt work there. Not surprising because one of the said credential has a typo in it where it was found so it CANT work as it is ā¦
Actually, is not the creds that has a typo. The p*p file you need is something beween the name of the machine and the r*****.t** directory. Just no ā-ā. This might be a spoiler, but it was the strangest part of the box. PM me for more (as far as I have reached ofc)
Hey guys, has that damnable ptmer script worked for anyone after finding the login ? Otherwise everything seems to require auth.
Why is this box rated so bad? I liked the idea. Sure there are some rabbit holes but the way of connecting the points to get user is really nice.
Type your comment> @AXANO said:
GOT USER. crazy box full of rabitholes. it is easily a hard box
Made me laugh I like you.