I am stuck in “Using the concepts taught in this section, connect to the web server on the internal network. Submit the flag presented on the home page as the answer.” task.
I receive the Apache default page, but can’t see a flag.
Okay, I solved it. Check the IP addresses in the internal network.
When you tried it initially did the webpage time out?
Did you figure it out? I’m having the same time out problem although it shows that port 80 on the host 172.16.5.135 is open.
Never mind, I solved it using curl.
Curl worked for you. I ended up doing it two ways: one using Metasploit and the other using http-enum with nmap.
Could you explain how you did this, please?
I had the same problem, curl responded instantly but browsers timed out.
Use proxychains and a command you want to issue.
The command can be anything you would normally do, but this time it’s routed through the attacked host, e.g. the ssh connection you set up using the username provided.
So for me it was:
proxychains curl -v <internal IP you find from the box>
Then just look through the code - if set up properly it will return instantly.
I think I’m going crazy. The nmap to web 172.16.5.135 returns 80 open, so the proxy with rpivot is configured correctly, but when I do the curl it does not return anything. Can you give me a clue?
──╼ [★]$ proxychains nmap 172.16.5.135 -p80
[proxychains] config file found: /etc/proxychains.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.14
Starting Nmap 7.93 ( https://nmap.org ) at 2024-05-17 17:48 BST
[proxychains] Strict chain … 127.0.0.1:9050 … 172.16.5.135:80 … OK
[proxychains] Strict chain … 127.0.0.1:9050 … 172.16.5.135:80 … OK
Nmap scan report for 172.16.5.135
Host is up (0.10s latency).
PORT STATE SERVICE
80/tcp open http
─[us-academy-3]─[10.10.14.181]─[htb-ac-569102@htb-yzy3dresrw]─[~]
└──╼ [★]$ proxychains curl -v 172.16.5.135
[proxychains] config file found: /etc/proxychains.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.14
GET / HTTP/1.1
Host: 172.16.5.135
User-Agent: curl/7.88.1
Accept: */*
Solved
How did you manage to solve it?
I performed THE SAME STEPS the next morning. I think sometimes HTB environments, while great, start with errors. Once everything was restarted, with the same steps I was able to do it without problem.
I am still struggling with this one. I followed the steps in the instructions, established the connection to my attack box with rpivot and have no problem there.
I tried using both Firefox and curl, yet can never get the page to display. If I use the following
nmap -v -p 80 172.16.5.135
It shows that port 80 on 172.16.5.135 is open with an Apache web server running.
However, proxychains using either Firefox or curl gets me no results.
I am sure that it’s an easy error on my part, but I have tried it a few days this week and can’t get any further.
Any more help or clues is certainly appreciated. I want to understand why I am failing this lesson and how the correct procedure works.
I’ve been down that road with troubleshooting too. When I was learning about proxies and web testing, I hit a wall similar to yours. Turned out, my proxy settings were off. Have you checked if rpivot is configured correctly? It might be redirecting traffic but not to the right place.
For anyone still stuck, after setting up everything as shown in the module, simply use curl to view the code and contents of the webpage and inspect it as the flag is shown within the code and it is not labeled as flag=… It is however in the same format that we are used to for the flags. Good luck
If you’re seeing an empty response from your server when trying to curl via rpivot, it might be a configuration issue on the server itself that’s causing it not to respond properly. A common cause could be a misconfiguration in the web server’s settings or firewall rules that restrict incoming connections, even if they appear to be set up correctly. Sometimes, a fresh tool like a ‘stresser’ can expose additional details that are otherwise easy to overlook. Make sure to double-check your firewall rules and ports as well—common oversight areas that can block your rpivot efforts.
I was able to view the flag using both curl and via sshuttle and Firefox. However, when I submit the flag HTB{some text} it is giving me an error. Can someone please assist me as I would love to complete this module and move on.
Same issue here, managed to get the content from the server with curl but no dice on the flag posted. Any suggestions?
format of flag found:
I_****_*****_******
I just manually typed in the flag and it worked somehow.
Found the exact same flag and it didn’t work.