Aragog

Anyone getting anywhere with Aragog - throwing dirbuster at it and getting nowhere, - any hints would be lovely,

I’m stuck as well, but i suspect it has something to with web cralwers or spiders. Aragog is a giant spider in Harry Potter

Yeah, wasn’t really a fan of the whole Harry Potter thing, Mrs was, web crawlers or spiders makes sense, will play with Burp - see what i get

Recon is necessary. Yeah! dirbuster is good. One of the best tool to recon is nmap. With nmap we can find many open ports like https, http, ftp etc. Then if those ports are vuln we can exploit manually those. xD
Hack The Box

this post was fast!

Am i getting anywhere looking at /server-status/ or is that a red herring?

I’ve run several dirb and similar, but no hope yet. nmap revealed some other services, still no luck with those either. Anyone made any progress?

so anybody found and Netmask?

yeah, but i’m in same boat. no idea what the ftp file means.

same boat with netmask, dirbing like hell, not finding anything useful :frowning:

found the file and the webpage, no idea how to tie the two together and running out of ideas.

the file found in that one place and the awesome Apache page haha.

@Malkinowns71 said:
the file found in that one place and the awesome Apache page haha.

no, there was file via http which relates to the netmask one

went down the option bleed track - didnt get anywhere, looking at some interesting things with vhosts, again not sure am on the right track

i am stuck at privesc … anyone ? hint ?

any hints on how to find the file via http? 6 hours of dirbuster and still nothing…

try common (default) extensions in dbuster
i’ve found an interesting file but can’t figure out what to do with it

And a more simplified dbuster got me on the right track… honestly think what I found was not there previously…

HI guys, can some1 pm me? I got some problem with hash cracking…

Anyone have any pointers. I’ve tried all the obvious things, all the things mentioned on here (I won’t list them for spoilers) but I have nothing other than the two files (FTP and HTTP). Feeling a little stupid!
Hack The Box