Admirer

Rooted.

Great box learned to enumerate Dirs properally.

anyone need nudges DM me

/

.

I was using the 2.3 wordlist in some directory I found in the files on the lowest port. I advice others to maybe use the big.txt in /dirb instead :slight_smile:

i found a lot of credentials and h***.t**.gz, but i can’t find the login page
i tried the default wordpress login (admin,login,wp-login) pages but non of them worked
any hints
thanks…

Rooted. Not particularly easy. Definitely a new technique learned for root. Need to play around with that some more.

All together pretty brutal box in my opinion but worth it in the end

Phew, finally got root.

I guess that’s another one to add to the “F@ck me, I didn’t know you could do that” list.

Type your comment> @4mph15b43n4 said:

Hello, first time posting here. So, I found the login page with that famously known service. I tried all the credentials (found on the lowest port on c**********.t**, i****.p** and d*_***.p) but nothing works. Am I missing something? I read about the typo but I’m lost… From what I know HTB machines don’t require brute-forcing so I didn’t even tried. I would appreciate a nudge. Thank you!

I’m at the same point… Any hints?

Can i PM someone about root?

I must say this box is annoying but it’s also a nice one. The box teaches you to “Try Harder” and not to relay on a single wordlist.
Also I discovered a new tool to use instead of gobuster, wfuzz which is actually a great one!

User:

  • Don’t give up and use different wordlists.
  • Enumerate everything!
  • When you find something interesting and nothing works, try to google it and understand how it works.

Root:

  • Basic enumeration.
  • Pay attention to the information you’re getting.
  • Try to figure out how you can manipulate certain things to execute your payload.

I’ve managed to get 2 files, creds, login page, but get refused. Could someone confirm for me if an exploit is needed to login? Found one on Google but am weak on that particular service. If someone could PM or contact me rcg#0076 on Discord. Thanks so much!

Rooted. DM if you need a nudge.

Spoiler Removed

Don’t know if that was a spoiler. Rooted anyway?

I’m using a list with +6000 words based on the service running to find his login page.
Still nothing .
I’m getting f*cking crazy.

Obv tested in every path known.

edit:
Even with a custom list (several google searches mixed together), nothing.

re-edit :
NVM, I was dumb, got user. :neutral:
Too much fuzzing and frustration makes davihack a dull boy

Final user part is cool.

For Root :
I want to point out that is pretty easy and straight. I got there even without any enum, you can just remember of the initial user part.

any help with login in a******.p*p ? DM please

Finally, got user
It was funny way contains a lot of rabbit holes.
Indeed, never give up, think, googling for user

Got root flag, but no shell yet.

And there’s that pesky shell.

root@admirer:/# ifconfig | fgrep 10. | awk ‘{print $2}’&&whoami
10.10.10.187
root

Many thanks to @segf4ul7 for a little sanity check along the way. Fun one for my first new box experience.

Some comments from my side, as mentioned numerous times, enumerate and use ffuf which is much faster.

Please stop resetting the systems so frequently the whole process is supposed to be entertaining not frustrating.

As always feel free to drop me a message in case you need a hint.