Sense

@briyani said:
I am also stuck with this machine. but it is rated as easy. Wondering what am I missing… :confused:

use web enumeration … dirbuster …:wink:

done it …got root …

Okay, I’m sorry, but I’m still not quite getting this one.

I’ve been using dirbuster recursively against this with various different wordlists (both in Kali and on repositories like GitHub - danielmiessler/SecLists: SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.). I’ve edited the various different options to change headers and include txt,md,rc,conf,cnf,inc,php,html,cgi,phtml,pl,py files…

I’m really no so sure what I’m missing or if I’m just not recognizing this one. I’ve found a couple files that are moderately interesting, but I’ve not been able to go anywhere with them. Could you tell me, with the above settings, should I be able to find what I need to move on, or am I still missing something?

Perhaps I’m just recognizing the attack vector…

Okay, nvm… I think I’ve got something…

@5aru said:
Okay, I’m sorry, but I’m still not quite getting this one.

I’ve been using dirbuster recursively against this with various different wordlists (both in Kali and on repositories like GitHub - danielmiessler/SecLists: SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.). I’ve edited the various different options to change headers and include txt,md,rc,conf,cnf,inc,php,html,cgi,phtml,pl,py files…

I’m really no so sure what I’m missing or if I’m just not recognizing this one. I’ve found a couple files that are moderately interesting, but I’ve not been able to go anywhere with them. Could you tell me, with the above settings, should I be able to find what I need to move on, or am I still missing something?

Perhaps I’m just recognizing the attack vector…

If you’ve done everything you said here, you have your initial foothold in front of you. Now to make use of it.

Hi all, I have been at this box for an entire day. I have enumerated a whole lot of different potential things. I would just like to know if I am on the right path trying to gain an initial foothold.

I think I might have the correct vector, but I am unsure of how to use it. Is there someone that I can PM about this?

So I managed to get the flags in the end. Is there someone that I can PM about the intended way/method?

The intended way is the way that you did it. You got them both using the same method, right?

I’m sorry, I’m still a bit lost. I feel like I’m missing a crucial piece of information. I’ve found these files and some information that gives me a username (Sorry, I’m trying to be vague), but I still don’t have a way of getting a password. I could try guessing passwords, but the box has a lockout after so many passwords, so that is pretty useless unless I’m gonna sit here and keep resetting the box. I’ve been scanning and scraping for a week now hoping that I’d find something else that I’m missing. I’ve checked certificates, cookies, directories, etc… Once I get this one piece, the exploit is obvious, but I’m lost on what I’m missing and I don’t seem to be making any more progress

@5aru - the username and password are located in the same exact place. Think about what software the machine is running and then read what the file says about the users password. One thing that tripped me up - the username is capitalized when you read it, but the correct username to log in with is not. Hope that helps.

That was it, thank you. I assumed the username was exactly as it appeared

@5aru said:
That was it, thank you. I assumed the username was exactly as it appeared

Same. This tripped me up for a hot minute. Congrats.

totally lost SENSE in this box. Did dirbuster but couldn’t find anything useful. can anyone PM me the hind.

Guys, hint on what to do after login? I’ve tried many exploits

@MrRobotty try playing with dirb or nmap and continue the journey …

Can someone shoot me a PM please? I found a spot to upload … this the right path?

use wfuzz with a specific extension

@roguesecurity said:
totally lost SENSE in this box. Did dirbuster but couldn’t find anything useful. can anyone PM me the hind.

+1

if you dont find with dirbuster, then try another tool, dirbuster can be good and very bad.

Got user and root. Extremely sensible.