Admirer

How did you solve “Connection Refused”? Can someone PM me on this? I did all I thought possible problem.

I keep getting a Connection Refused every time I run dirbuster, idk why!!

@shaswata56 said:

those who got users, just for saving time, is dirbusting necessary?
or, it’s more than necessary?

IMO, you’ll need to at two stages unless you take some semi-creative guesses. What you are looking for is in many of the wordlists though, you just have to look in the right spot. There are only a couple so don’t get too far off track.

Okay, I give up. I’ve dirb’ed the ■■■■ out of this thing… I think. I’ve found usernames and passwords, none of which work on the middle port. Some people say there’s a login page but I haven’t yet found that. I’ve looked for all .php files in the directories I know about, tried w*-an but it says the page isn’t running word***. So that’s probably a rabbit hole, yeah?

On the plus side, Dust on the Interstellar OST is legit.

@edoardop said:

This is my second box, I’ve been fuzzing the ■■■■ out of it but can’t seem to find anything useful except for the excluded directory and a foothold of the services running on the box. If you have any hint or you’d like to help I really appreciate it!

@Mapperist said:
Okay, I give up. I’ve dirb’ed the ■■■■ out of this thing… I think. I’ve found usernames and passwords, none of which work on the middle port. Some people say there’s a login page but I haven’t yet found that. I’ve looked for all .php files in the directories I know about, tried w*-an but it says the page isn’t running word***. So that’s probably a rabbit hole, yeah?

On the plus side, Dust on the Interstellar OST is legit.

:smiley:
I’m pretty much like you. Don’t worry, even if you had the login page, the credentials don’t work there. Not surprising, because one of the said credentials has a typo in it where it was found, so it CAN’T work as it is …

@lebutter said:

@edoardop said:

This is my second box, I’ve been fuzzing the ■■■■ out of it but can’t seem to find anything useful except for the excluded directory and a foothold of the services running on the box. If you have any hint or you’d like to help I really appreciate it!

@Mapperist said:
Okay, I give up. I’ve dirb’ed the ■■■■ out of this thing… I think. I’ve found usernames and passwords, none of which work on the middle port. Some people say there’s a login page but I haven’t yet found that. I’ve looked for all .php files in the directories I know about, tried w*-an but it says the page isn’t running word***. So that’s probably a rabbit hole, yeah?

On the plus side, Dust on the Interstellar OST is legit.

:smiley:
I’m pretty much like you. Don’t worry, even if you had the login page, the credentials don’t work there. Not surprising, because one of the said credentials has a typo in it where it was found, so it CAN’T work as it is …

Actually, it is not the creds that have a typo. The p*p file you need is something between the name of the machine and the r*****.t** directory. Just no “-”. This might be a spoiler, but it was the strangest part of the box. PM me for more (as far as I have reached ofc)

Hey guys, has that damnable ptmer script worked for anyone after finding the login? Otherwise everything seems to require auth.

Why is this box rated so bad? I liked the idea. Sure there are some rabbit holes but the way of connecting the points to get user is really nice.

@AXANO said:

GOT USER. Crazy box full of rabbit holes. It is easily a hard box

Made me laugh :slight_smile: I like you.

Found the login page, tried a few things but I got connection refused no matter what, maybe I am doing it wrong?

Looking for a nudge on user. Have f** access, have many users, many passwords, even many passwords for some users. I have an idea where to go next, but not sure.

Ditto. Is it findable from the clues without bruteforcing the ■■■■ out of the original dir and the one found from f**?

Any hint for getting user.txt?

Successfully logged in, edited script to the file which I want but it does not send the content of it.

@ls4cfk said:

Any hint for getting user.txt?

Successfully logged in, edited script to the file which I want but it does not send the content of it.

Check the dir of your script.

Would anyone be interested in comparing notes about fuzzing strategies? I’ve been trying to get to this mysterious login page all day long. I tried several common wordlists, created custom wordlists, modified existing wordlists and used all of them on all directories I know. Still nothing …

OK - progress.

For those fuzzing, it’s in one of the stock wordlists for a common tool, no magic involved. Check you are searching for a sensible file type based on what you know so far.

If you are bruteforcing SSH, please don’t. That’s not the way at all.

@knuijsting said:

@ls4cfk said:

Any hint for getting user.txt?

Successfully logged in, edited script to the file which I want but it does not send the content of it.

Check the dir of your script.

Are you talking about r*_m*_s*.py? What dir actually?

@GibParadox said:

@0xRDx0 said:

@GibParadox said:

There might be something there :wink:

Something newer than what was found in the h******.gz on the f** service?

Worth checking…

Checked f** service, got h******.gz. Trying to find new files as per previous comments, unable to find anything with t**.*z extension running with default wordlists like big.txt, directory-list-2.3; tried basic guess words like backup … etc.

nvm, got user. Was on a rabbit hole working with the exploit, was able to read the password of w***o.

Really? Somebody changed user.txt flag. Why slow other people? Are you bored?