Admirer

Rooted ! Great box made up by @GibParadox and @polarbearer

@Bl00dMoon said:

Rooted ! Great box made up by @GibParadox and @polarbearer

Glad you liked it :slight_smile:

Dudes rocked it. Thanks for putting in the work.
Felt super uncomfortable at various stages but those are lessons that won’t soon be forgotten.
Be like water. Flow.

Thanks for being alive @GibParadox and @polarbearer
Stay safe.

That box is extremely annoying… by the look of it there’s a fake db, with half-fake credentials for it…

I’ve been trying dirb, dirbuster, wfuzz on a specific directory using different wordlists for hours and I cannot find any login page… I will appreciate any nudge on that ^^’

I’ve found a lot of really useful stuff but can’t seem to use any of it.
Been doing some hardcore fuzzing for a while now with no luck to proceed.

This is my second box, I’ve been fuzzing the ■■■■ out of it but can’t seem to find anything useful except for the excluded directory and a foothold of the services running on the box. If you have any hint or you’d like to help I really appreciate it!

How did you solve “Connection Refused”? Can someone PM me on this? I did all I thought possible problem.

I keep getting a Connection Refused every time I run dirbuster. Idk why!!

@shaswata56 said:

those who got users, just for saving time, is dirbusting necessary?
or, it’s more than necessary?

IMO, you’ll need to at two stages unless you take some semi-creative guesses. What you are looking for is in many of the wordlists though, you just have to look in the right spot. There are only a couple so don’t get too far off track.

Okay, I give up. I’ve dirb’ed the ■■■■ out of this thing… I think. I’ve found usernames and passwords, none of which work on the middle port. Some people say there’s a login page but I haven’t yet found that. I’ve looked for all .php files in the directories I know about, tried w*-an but it says the page isn’t running word***. So that’s probably a rabbit hole, yeah?

On the plus side, Dust on the Interstellar OST is legit.

@edoardop said:

This is my second box, I’ve been fuzzing the ■■■■ out of it but can’t seem to find anything useful except for the excluded directory and a foothold of the services running on the box. If you have any hint or you’d like to help I really appreciate it!

@Mapperist said:
Okay, I give up. I’ve dirb’ed the ■■■■ out of this thing… I think. I’ve found usernames and passwords, none of which work on the middle port. Some people say there’s a login page but I haven’t yet found that. I’ve looked for all .php files in the directories I know about, tried w*-an but it says the page isn’t running word***. So that’s probably a rabbit hole, yeah?

On the plus side, Dust on the Interstellar OST is legit.

:smiley:
I’m pretty much like you. Don’t worry, even if you had the login page, the credentials don’t work there. Not surprising because one of the said credentials has a typo in it where it was found so it CAN’T work as it is …

@lebutter said:

@edoardop said:

This is my second box, I’ve been fuzzing the ■■■■ out of it but can’t seem to find anything useful except for the excluded directory and a foothold of the services running on the box. If you have any hint or you’d like to help I really appreciate it!

@Mapperist said:
Okay, I give up. I’ve dirb’ed the ■■■■ out of this thing… I think. I’ve found usernames and passwords, none of which work on the middle port. Some people say there’s a login page but I haven’t yet found that. I’ve looked for all .php files in the directories I know about, tried w*-an but it says the page isn’t running word***. So that’s probably a rabbit hole, yeah?

On the plus side, Dust on the Interstellar OST is legit.

:smiley:
I’m pretty much like you. Don’t worry, even if you had the login page, the credentials don’t work there. Not surprising because one of the said credentials has a typo in it where it was found so it CAN’T work as it is …

Actually, it’s not the creds that have a typo. The p*p file you need is something between the name of the machine and the r*****.t** directory. Just no “-”. This might be a spoiler, but it was the strangest part of the box. PM me for more (as far as I have reached ofc)

Hey guys, has that damnable ptmer script worked for anyone after finding the login? Otherwise everything seems to require auth.

Why is this box rated so bad? I liked the idea. Sure there are some rabbit holes but the way of connecting the points to get user is really nice.

@AXANO said:

GOT USER. Crazy box full of rabbit holes. It is easily a hard box.

Made me laugh :slight_smile: I like you.

Found the login page, tried a few things but I got connection refused no matter what, maybe am I doing it wrong?

Looking for a nudge on user. Have f** access, have many users, many passwords. Even many passwords for some users. I have an idea where to go next, but not sure.

Ditto. Is it findable from the clues without bruteforcing the ■■■■ out of the original dir and the one found from f**?

Any hint for getting user.txt?

Successfully logged in, edited script to the file which I want but it does not send the content of it.