Type your comment> @choupit0 said:
Type your comment> @sidchn said:
The Blt a* page should be bypassed using the br*e mi python script available online but its not working for me, i will give respect on your profile please dm me a nudge. And i have tried exploring all the files no luck there.
The script must be adapted and you need to have the right user… and the right wordlist.
sounds Cool 
Type your comment> @choupit0 said:
The script must be adapted and you need to have the right user… and the right wordlist.
Do we get the right wordlist through guessing or some hint on the box?
Type your comment> @d3spis3d said:
Type your comment> @choupit0 said:
The script must be adapted and you need to have the right user… and the right wordlist.
Do we get the right wordlist through guessing or some hint on the box?
In front of you ?
i can’t even run a normal nmap scan, dirb is working with 10 words a minute. is it just the free server? is it more stable on premium?
I begin to wonder if I’m disabled, can’t find the right username / wordlist to use for the l**** page. I might give cewl a go, but still kind of skeptical
Ok, so trying a rockyou on login page with 9 r/s is PITA and not possible to solve the box in reasonable amount of time. So my question is, what wordlist do you guys use at first choice and which has the most “luck” ratio? I ask generally, not just specifically to this box.
Finally rooted the box. Struggled for a little with stability of both scanning and then after the exploit kept getting dropped. Great box either way and I am sure will be better in a few days after the number of people hitting it slows down. If need any help feel free to PM and let me know what you have tried so far.
Spoiler Removed
I wrote a trivial script to bruteforce the pass and used a custom wordlist. I recommend doing this for leaning purposes, instead of looking for already made ones that may not work. If you are struggling writing the script dm me.
for ppl who got the user should I crack the password in db or am wasting my time ?
Spoiler Removed
Spoiler Removed
Stuck on l**in page. Any hints?
May I have some nudge, please? I found the cms and exploit for it which require credentials, also the login page but tucked at this stage.
This box is honestly about enumeration and paying attention. and as most people said, its an easy box, so don’t go nuts.
Foothold, - Enough has been said and can be pieced together about the initial foothold. Some of the comments are actually getting pretty dang close to “push button get spoiler”.
User - enum the box with your low priv shell, from there the trail of breadcrumbs should lead you all the way to root.
Root - if you enum’d correctly, this should be 10 seconds after you get user.
Just got on HTB last weekend so still figuring stuff out. I’ve got the green circle next to Blunder on the machine list, but when I try to do a Nmap scan it is telling me the host is down. My openvpn is connected and I was just on the box half an hour ago and everything was going fine. Any recommendations?
Just rooted pm if you need help
So after spending all night trying to find the user name for the login, I was finally able to root this box. Getting user and root was super easy, however.
Foothold: I tried dr but I really don’t like it. gr was my friend. I would recommend looking for common e********s. There is a way around the lockout, just learn how to b***s it. To find the password you need to be cool.
User: Enumeration is key as files often contain juicy nuggets.
Root: You can run a common enumeration script for this but first check for what p*******s and permissions you have. Does these things have a way to circumvent them?
Special thanks to @bertalting, @Dreadless, @choupit0 for pointing me in the right direction for finding the user. I was close but missed an obvious thing. After you get the username this box is really simple.
I have followed all the hints on here in regards to usernames/passwords. Nothing works. Anyone able to give any kind of nudge?
Side note, I cannot tell you how much I hate these guessing game boxes. It is such a waste of time. Sure I know it’s meant to be realistic I suppose, but it leads to lots of people spamming the ■■■■ out of the box, and it doesn’t feel like I’m learning anything from it.