Aragog

gorias · February 10, 2018, 10:47pm

Anyone getting anywhere with Aragog - throwing dirbuster at it and getting nowhere, - any hints would be lovely,

ninjat · February 11, 2018, 12:07am

I’m stuck as well, but i suspect it has something to with web cralwers or spiders. Aragog is a giant spider in Harry Potter

gorias · February 11, 2018, 12:22am

Yeah, wasn’t really a fan of the whole Harry Potter thing, Mrs was, web crawlers or spiders makes sense, will play with Burp - see what i get

ZishanThandar · February 11, 2018, 4:48am

Recon is necessary. Yeah! dirbuster is good. One of the best tool to recon is nmap. With nmap we can find many open ports like https, http, ftp etc. Then if those ports are vuln we can exploit manually those. xD
Hack The Box

paciock · February 11, 2018, 12:05pm

this post was fast!

gorias · February 11, 2018, 9:46pm

Am i getting anywhere looking at /server-status/ or is that a red herring?

fatalglitch · February 12, 2018, 1:16am

I’ve run several dirb and similar, but no hope yet. nmap revealed some other services, still no luck with those either. Anyone made any progress?

wr3nch0x1 · February 12, 2018, 4:56am

so anybody found and Netmask?

8urnside · February 12, 2018, 7:04am

yeah, but i’m in same boat. no idea what the ftp file means.

gorias · February 12, 2018, 7:17pm

same boat with netmask, dirbing like ■■■■, not finding anything useful

gandalf8110 · February 12, 2018, 7:23pm

found the file and the webpage, no idea how to tie the two together and running out of ideas.

Malkinowns71 · February 12, 2018, 7:34pm

the file found in that one place and the awesome Apache page haha.

gandalf8110 · February 12, 2018, 7:38pm

@Malkinowns71 said:
the file found in that one place and the awesome Apache page haha.

no, there was file via http which relates to the netmask one

gorias · February 12, 2018, 10:04pm

went down the option bleed track - didnt get anywhere, looking at some interesting things with vhosts, again not sure am on the right track

comrex · February 12, 2018, 10:05pm

i am stuck at privesc … anyone ? hint ?

fatalglitch · February 12, 2018, 11:32pm

any hints on how to find the file via http? 6 hours of dirbuster and still nothing…

8urnside · February 12, 2018, 11:41pm

try common (default) extensions in dbuster
i’ve found an interesting file but can’t figure out what to do with it

fatalglitch · February 13, 2018, 1:56am

And a more simplified dbuster got me on the right track… honestly think what I found was not there previously…

Entrophy · February 13, 2018, 12:08pm

HI guys, can some1 pm me? I got some problem with hash cracking…

gandalf8110 · February 13, 2018, 1:13pm

Anyone have any pointers. I’ve tried all the obvious things, all the things mentioned on here (I won’t list them for spoilers) but I have nothing other than the two files (FTP and HTTP). Feeling a little stupid!
Hack The Box