Bashed is broken

Hello, I’m trying to pwn bashed, however I’ve been stuck for a while now. However, according to walkthroughs, I’m doing it how it’s supposed to be (spoiler alert): Accessing the only port available (80), I get a web server that doesn’t serve an index.html (in Wireshark, the machine sends me a FIN ACK TCP packet). After some dirbusting, I found out about the existing directories and their content: /dev and the web shell that is hosted here. However, it won’t load (as it does with the index.html on /) and according to the official walkthrough I’m supposed to use that web shell. None of the two files work. I even downloaded phpbash from the official repository, it run perfectly fine on my machine. Can someone either fix this, or tell me where I’m supposed to send a bug report ? There’s no thread about this here as far as I can tell, and nothing on the machine page to submit Thanks.

I tried changing the VPN server I was using, but pages are still not loading. Can anyone please help ?

This seems to happen with other machines, such as shocked and nibbles. Reading the walk-through show that I am indeed doing what is supposed to be done, yet the machines never answer when I request the files on the server. Is there anything I can do, beside cancelling my subscription ? Chat support only provide help with 2FA or bans.

Not sure what “Chat support” you mean, but have you tried filing a JIRA ticket: https://forum.hackthebox.eu/discussion/2994/htb-support-on-jira

Thanks for the reply, but it seems that the JIRA link in the thread is offline… However I found a workaround. I am using a personal VPN to connect to the internet, and for some reason, when I connect to HTB machines without my own VPN, those files can be accessed. Just to be clear, when it didn’t work, I had this setup: HTB VPN → Kali VM → personnal VPN → hackthebox.eu If however I set the VM to bypass my VPN: HTB VPN → Kali VM → hackthebox.eu Then those machines works. If you have a clue why, it would be wonderful. Thankfully now I can access the important files on those machines.

I’d say that you’re trying to reach a network you’re supposed to be part of, yet you’re outside of it. The 10.10.xxx.xxx adresses related to the HTB network don’t mean anything to your personal VPN (that’s probably a bad way to explain it though), so it doesn’t know where those packets are meant to be sent.

@dragonista said: > I’d say that you’re trying to reach a network you’re supposed to be part of, yet you’re outside of it. The 10.10.xxx.xxx adresses related to the HTB network don’t mean anything to your personal VPN (that’s probably a bad way to explain it though), so it doesn’t know where those packets are meant to be sent. Sounds reasonable, yes. @kernelmode: Could it be that your personal VPN also assigns addresses in the 10.10.x.y range?