Starting point - Vaccine

Same here, could we reset this device, please?

a restart would be good. I can ping the box but not connect to the web server

vote to reset the labs guys, it’s doing the same for me also :frowning:

I can’t even navigate to the webpage. Times out every time. And yes, I’m connected to the vpn. Had this issue a couple weeks ago, gave up - decided to try again as it seems like a fun challenge - but I can’t connect

I’ve got the same issue. It seems to have something to do with sqlmap: I could access the website via the browser and can run sqlmap without the --os-shell flag. This works fine but when I tried to run sqlmap with --os-shell it times out and the website isn’t accessible any more…? Only on the next day (after a reset of the machine, I think) can I access it again. Does someone have an explanation for this?

@misterdulister said:

I’ve got the same issue. It seems to have something to do with sqlmap: I could access the website via the browser and can run sqlmap without the --os-shell flag. This works fine but when I tried to run sqlmap with --os-shell it times out and the website isn’t accessible any more…? Only on the next day (after a reset of the machine, I think) can I access it again. Does someone have an explanation for this?

I can’t even access the website…at all. vpn connected. refreshed vpn. deleted and downloaded new vpn file… internet definitely works…webpage won’t load

@quantumtheory said:

@misterdulister said:

(Quote)
I can’t even access the website…at all. vpn connected. refreshed vpn. deleted and downloaded new vpn file… internet definitely works…webpage won’t load

Same with me. Happened yesterday. Can ping but can’t access through browser

Cannot open the webpage, I wonder if some nmap script is crashing http.

Same here, can’t access the web page at all. I’ve voted to reset the box.

I decided to come back and try this box again.

I got all the way to the end. I had my shells spawned and all I had to do was switch to root and grab the text. Literally 15 seconds left before completing the challenge…

Noticed my vpn disconnected. So I connected again, nothing worked. I regenerated my vpn file and tried connecting again… Nothing will load now.

Website won’t load, I can’t get my shells back because connection is refused… However, I get ping results… Shit’s stupid.

I can’t see how to reset the box or anything like that, so I guess I’ll try again at another time

it finally reconnected!!! Get it while it’s good! lol

this chall is a pain in the a**! It seems someone keeps breaking it by testing Postgres vulnerabilities… There are some samples that allow anyone to send the machine to hibernation for an indefinite time … so every time you have to wait for the lab reset.

@Inigma said:

@sa1lor unfortunately not. I just moved on to the next lab and forgot about this one tbh.

Honestly, speaking as someone who did finish Starting Point, the live machines are much better and often easier to work with.

@n04x said:

I have an issue with Vaccine, I cannot do the sqlmap section, whenever I try it fails, if I accept the 302 redirect, it says cannot connect to URL, if I don’t it says all tested parameters appear to be not injectable (based on the walkthrough, the GET should be injectable…)

SAME

@garlicgeorge said:

@n04x said:

I have an issue with Vaccine, I cannot do the sqlmap section, whenever I try it fails, if I accept the 302 redirect, it says cannot connect to URL, if I don’t it says all tested parameters appear to be not injectable (based on the walkthrough, the GET should be injectable…)

SAME

I haven’t done this box, so I don’t know for certain but generally “GET” isn’t considered a parameter. It is an HTTP request method.

The walkthrough says the string is:

sqlmap -u 'http://10.10.10.46/dashboard.php?search=a' --cookie="PHPSESSID=73jv7pdmjsv7dsspoqtnlv66ls"

This is using “search” as a parameter to see if it is injectable. I think the main issue is likely to be the cookie. That will change on each connection.

This can be confirmed by checking where the redirect is pointing to.

@TazWake said:

@garlicgeorge said:

@n04x said:

I have an issue with Vaccine, I cannot do the sqlmap section, whenever I try it fails, if I accept the 302 redirect, it says cannot connect to URL, if I don’t it says all tested parameters appear to be not injectable (based on the walkthrough, the GET should be injectable…)

SAME

I haven’t done this box, so I don’t know for certain but generally “GET” isn’t considered a parameter. It is an HTTP request method.

The walkthrough says the string is:

sqlmap -u 'http://10.10.10.46/dashboard.php?search=a' --cookie="PHPSESSID=73jv7pdmjsv7dsspoqtnlv66ls"

This is using “search” as a parameter to see if it is injectable. I think the main issue is likely to be the cookie. That will change on each connection.

This can be confirmed by checking where the redirect is pointing to.

I’ve tested with multiple cookies by reloading the page and I don’t follow the redirect as that takes me to the login page or smth, I think. The problem I’m having is that sqlmap isn’t able to detect the database type or any injection vectors either. I’ve found another exploit that uses a perl reverse shell and the copy to/from feature on postgresql. I know how the copy to/from command works and why it works, but I’m not familiar with PostgreSQL syntax or anything since I’ve only used MySQL. I wanted to do it manually but I guess I can’t.

@TazWake said:
@garlicgeorge said:

@n04x said:

I have an issue with Vaccine, I cannot do the sqlmap section, whenever I try it fails, if I accept the 302 redirect, it says cannot connect to URL, if I don’t it says all tested parameters appear to be not injectable (based on the walkthrough, the GET should be injectable…)

SAME

I haven’t done this box, so I don’t know for certain but generally “GET” isn’t considered a parameter. It is an HTTP request method.

The walkthrough says the string is:

sqlmap -u 'http://10.10.10.46/dashboard.php?search=a' --cookie="PHPSESSID=73jv7pdmjsv7dsspoqtnlv66ls"

This is using “search” as a parameter to see if it is injectable. I think the main issue is likely to be the cookie. That will change on each connection.

This can be confirmed by checking where the redirect is pointing to.

oh and I know that the GET method is for HTTP requests and isn’t what’s supposed to be tested. It’s the search parameter that’s supposed to be tested. I was just referring to the other guy’s post because the feedback he was getting from sqlmap is the same as mine.

@garlicgeorge said:

I’ve tested with multiple cookies by reloading the page and I don’t follow the redirect as that takes me to the login page or smth, I think. The problem I’m having is that sqlmap isn’t able to detect the database type or any injection vectors either. I’ve found another exploit that uses a perl reverse shell and the copy to/from feature on postgresql. I know how the copy to/from command works and why it works, but I’m not familiar with PostgreSQL syntax or anything since I’ve only used MySQL. I wanted to do it manually but I guess I can’t.

So, if the page is redirecting to a login page, that implies the cookie isn’t valid. The purpose of the cookie is to maintain the authentication here, so without it, the server is going for a re-authenticate.

SQLMap can’t solve this because the server isn’t exposing the DB connectors to an unauthenticated request.

If you are using the current cookie of a valid session and it is going to redirect, then I don’t know how to help, as it implies something is broken. It might be best to raise a Jira ticket at this point and see if HTB can fix it.

@garlicgeorge said:

oh and I know that the GET method is for HTTP requests and isn’t what’s supposed to be tested. It’s the search parameter that’s supposed to be tested. I was just referring to the other guy’s post because the feedback he was getting from sqlmap is the same as mine.

I totally get that, I was just making sure the original post’s statement was getting clarified.

@TazWake said:

@garlicgeorge said:

I’ve tested with multiple cookies by reloading the page and I don’t follow the redirect as that takes me to the login page or smth, I think. The problem I’m having is that sqlmap isn’t able to detect the database type or any injection vectors either. I’ve found another exploit that uses a perl reverse shell and the copy to/from feature on postgresql. I know how the copy to/from command works and why it works, but I’m not familiar with PostgreSQL syntax or anything since I’ve only used MySQL. I wanted to do it manually but I guess I can’t.

So, if the page is redirecting to a login page, that implies the cookie isn’t valid. The purpose of the cookie is to maintain the authentication here, so without it, the server is going for a re-authenticate.

SQLMap can’t solve this because the server isn’t exposing the DB connectors to an unauthenticated request.

If you are using the current cookie of a valid session and it is going to redirect, then I don’t know how to help, as it implies something is broken. It might be best to raise a Jira ticket at this point and see if HTB can fix it.

@garlicgeorge said:

oh and I know that the GET method is for HTTP requests and isn’t what’s supposed to be tested. It’s the search parameter that’s supposed to be tested. I was just referring to the other guy’s post because the feedback he was getting from sqlmap is the same as mine.

I totally get that, I was just making sure the original post’s statement was getting clarified.

The thing is, it isn’t getting redirected. The tests are being performed and after all of the tests, it just says that the search parameter is basically a dead end and there are no useful results.

@garlicgeorge said:
@TazWake said:

@garlicgeorge said:

I’ve tested with multiple cookies by reloading the page and I don’t follow the redirect as that takes me to the login page or smth, I think. The problem I’m having is that sqlmap isn’t able to detect the database type or any injection vectors either. I’ve found another exploit that uses a perl reverse shell and the copy to/from feature on postgresql. I know how the copy to/from command works and why it works, but I’m not familiar with PostgreSQL syntax or anything since I’ve only used MySQL. I wanted to do it manually but I guess I can’t.

So, if the page is redirecting to a login page, that implies the cookie isn’t valid. The purpose of the cookie is to maintain the authentication here, so without it, the server is going for a re-authenticate.

SQLMap can’t solve this because the server isn’t exposing the DB connectors to an unauthenticated request.

If you are using the current cookie of a valid session and it is going to redirect, then I don’t know how to help, as it implies something is broken. It might be best to raise a Jira ticket at this point and see if HTB can fix it.

@garlicgeorge said:

oh and I know that the GET method is for HTTP requests and isn’t what’s supposed to be tested. It’s the search parameter that’s supposed to be tested. I was just referring to the other guy’s post because the feedback he was getting from sqlmap is the same as mine.

I totally get that, I was just making sure the original post’s statement was getting clarified.

The thing is, it isn’t getting redirected. The tests are being performed and after all of the tests, it just says that the search parameter is basically a dead end and there are no useful results.

@TazWake It asks me if I want it to follow the redirect and I obviously decline, but there are still no results from the tests as it just says the search parameter isn’t injectable. I figured out the DB was Postgres from the error messages but sqlmap isn’t able to return even that let alone injection vectors.
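
The redirect check discussed in the thread above, as an added example that is not part of any post: `check_session` requests the URL once without following redirects and reports whether the session cookie was accepted or the server sent the request elsewhere. The stub server, the `index.php` login target and the session value are constructed assumptions so the example runs offline.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

VALID_SID = "constructed-valid-session"  # constructed sample value, not a real session

class StubApp(BaseHTTPRequestHandler):
    """Constructed stand-in for the app: no valid PHPSESSID means a 302 to the login page."""
    def do_GET(self):
        ok = f"PHPSESSID={VALID_SID}" in self.headers.get("Cookie", "")
        body = b"search results" if ok else b""
        self.send_response(200 if ok else 302)
        if not ok:
            self.send_header("Location", "index.php")  # assumed login page name
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # keep the demo quiet
        pass

def check_session(url, cookie):
    """One GET, redirects not followed; a redirect means the session was not accepted."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=5)
    try:
        path = parts.path + ("?" + parts.query if parts.query else "")
        conn.request("GET", path, headers={"Cookie": cookie})
        resp = conn.getresponse()
        resp.read()
        status, location = resp.status, resp.getheader("Location")
    finally:
        conn.close()
    if status in (301, 302, 303, 307, 308):
        return {"authenticated": False, "status": status, "redirect": location}
    return {"authenticated": status == 200, "status": status, "redirect": None}

def demo():
    server = HTTPServer(("127.0.0.1", 0), StubApp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/dashboard.php?search=a"
    try:
        return (check_session(url, "PHPSESSID=stale"),
                check_session(url, f"PHPSESSID={VALID_SID}"))
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```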