Attacking common applications | HTB Academy

PaoloCMP · October 26, 2021, 10:53am

Hi, I made this topic for this module beacuse I found it very hard in some questions, and there’s no hint.
Does anyone know how to solve the osTicket question? And what about other notable application? I tried everything with nmap, gobuster, hydra but i go nowhere

OceanicSix · October 26, 2021, 1:05pm

For osticket, just follow the instruction in this module

Login with agent credential
Check previous ticket history ( you will have the answer)

I am also stuck at the “notable” and “attack gitlab” section

PaoloCMP · October 26, 2021, 1:52pm

I can’t find the agent credential. I found git as external portal, i registered an account with the ticket email but nothing. Could you give me an hint?
I did “attacking gitlab”, to solve you can try to use the code that you find on the exploitdb links

OceanicSix · October 26, 2021, 2:47pm

Take a look at the email address start with kevin******* and the login page below it.

For “attacking gitlab”, I used the script from exploitdb and wordlist xato-net-10-million-usernames-dup.txt. Eventually, I managed to find a couple of valid username such as “help, public, hacker”. But none of them is the correct answer. So I am not sure what I have missed.

PaoloCMP · October 26, 2021, 3:32pm

Try rockyou.txt list for password and cirt-****.txt for usernames

Fuora · November 14, 2021, 9:30pm

Hi everyone! some of you have been able to pass the skills assessment 1?
specifically the last exercise on getting a shell?

any hint or methodology would greatly appreciate it as I tried various ways without success including metasploit

Fuora · November 14, 2021, 9:34pm

I used several dictionaries and with one I managed to find the correct user, I don’t remember which one it is, but if it comes inside the virtual machine, I recommend you try several and it will come out if you have problems, I can help you!

galertaw · December 15, 2021, 3:34pm

Hi, are you got the flag? If not i can give suggestion that Tomcat 9.0.0M1 is vulnerable for one of lastest CVE in module “Attacking Tomcat”. But I have too troubles for getting flag too
Help me if you solved it

PaoloCMP · December 15, 2021, 10:48pm

Hi, for tomcat you have to use the cgi-exploit, with gobuster or fuzz you find a *.bat file and use it for rce.
If you need other hints text me

admiralhr99 · January 3, 2022, 11:38am

hey bro.i can not find user for gitlab.can you help me please?

admiralhr99 · January 3, 2022, 11:53am

can u help me please.i can not fine user for gitlab

PaoloCMP · January 3, 2022, 3:00pm

Did you already try with different wordlists?

galertaw · January 3, 2022, 4:02pm

hi, ive founded user with cirt*.txt wordlist from cheatsheet and hint in example

admiralhr99 · January 18, 2022, 8:20pm

i use gobuster to enum http://ip:8080/ but i cannt find .bat file.can you help me please?

onthesauce · January 19, 2022, 1:35pm

Are you still stuck on the gitlab question?

admiralhr99 · January 19, 2022, 1:38pm

no i solved it.thank you brother

galertaw · January 23, 2022, 1:43pm

Hi. Can you give a hint about password for gitlab user? Ive tried a first 10000 of rockyou but nothing done

admiralhr99 · January 23, 2022, 1:46pm

dont need to find password for gitlab.just look at gitlab section again and see how you can access information and repositories

galertaw · January 23, 2022, 5:16pm

And so one. Can you please give a hint for WebLogic RCE? Ive tried some of PoCs but it done nothing

admiralhr99 · January 25, 2022, 11:12am

did you find the password?