Starting point - Vaccine

Found the best way to get the os-shell was to use burp with intercept mode on right from the login page; On the first packet which passes the PHPSESSION copy that into your sqlmap command and run it, I ran mine with --level 2 and --risk 2.

Once it was running then forward all the packets and then sqlmap responded correctly.

I finally rooted with the help of this thread and the Python script referenced within the thread: Machine name: vaccine stuck on getting SQL code execution shell - Machines - Hack The Box :: Forums

Type your comment> @Proelia said:

I’m following the walkthrough for “Vaccine” and when it says browse to port 80, I enter the IP (10.10.10.46) into firefox and it times out.

The machine has been restarted during the time I have been trying, am I missing something stupid?

Hey All - having the same issue with this one. Was there ever any solution or should I just leave it and move on to another? Thanks

Hello everyone.
I am having the same issue when trying to load the website from the Vaccine machine.
It just times out and when I use --reason with nmap i see the service has a no-response

Facing same issue of website timing out.
How to reset the box?

I have the same issue.

Same issue here aswell.

Same for me.

Same here, could we reset this device, please?

a restart would be good. I can ping the box but not connect to the web server

vote to reset the labs guys, its doing the same for me also :frowning:

I cant even navigate to the webpage. times out every time. And yes, I’m connected to the vpn. Had this issue a couple weeks ago, gave up - decided to try again as it seems like a fun challenge - but i cant connect

I’ve got the same issue. It seems to have something to do with sqlmap: I could access the website via the browser and can run sqlmap without the --os-shell flag. This works fine but when I tried to run sqlmap with --os-shell t times out and the website isn’t accessible any more…? Only on the next day I (after reset of the machine I think) I can access again. Does someone got an explanation for this?

Type your comment> @misterdulister said:

I’ve got the same issue. It seems to have something to do with sqlmap: I could access the website via the browser and can run sqlmap without the --os-shell flag. This works fine but when I tried to run sqlmap with --os-shell t times out and the website isn’t accessible any more…? Only on the next day I (after reset of the machine I think) I can access again. Does someone got an explanation for this?

i cant even access the website…at all. vpn connected. refreshed vpn. deleted and downloaded new vpn file… internet definitely works…webpage wont load

Type your comment> @quantumtheory said:

Type your comment> @misterdulister said:

(Quote)
i cant even access the website…at all. vpn connected. refreshed vpn. deleted and downloaded new vpn file… internet definitely works…webpage wont load

Same with me. Happened yesterday. Can ping but can’t access through browser

Cannot open the webpage, I wonder if some nmap script is crashing http.

Same here, can’t access the web page at all. I’ve voted to reset the box.

I decided to come back and try this box again.

I got all the way to the end. I had my shells spawned and all I had to do was switch to root and grab the text. Literally 15 seconds left before completing the challenge…

Noticed my vpn disconnected. So I connected again, nothing worked. I regenerated my vpn file and tried connecting again… Nothing will load now.

Website wont load, I cant get my shells back because connection is refused… However, I get ping results… Shits stupid.

I cant see how to reset the box or anything like that, so I guess I’ll try again at another time

it finally reconnected!!! Get it while it’s good! lol

this chall is a pain in the a**! It seems someone keeps breaking it by testing postgress vulnerabilities… There’r some samples that allow anyone to send the machine to hibernation for an indefinite time … so every time you have to wait for the lab reset.