Your task is to create a C# application that will iterate through the wordlist, using each word as a potential path on the target host. You will make HTTP requests to these paths and check for the existence of flag.txt. The program will output the paths where the flag.txt file exists.
Since I have not found any post about this in the forum, I will give a few tips to whoever might try the module and have problems. The skill assessment is quite simple.
If you try to overcomplicate it you will just have more trouble finding what you want, which is the path to the file.
Keeping it as simple as possible, try to replicate what you learned about Async and also a way to iterate through the wordlist. A good idea is to have the request response printed so you’ll have fun watching the code iterating through everything (or not). No need to use StreamReader either; it would make you work a little bit more to obtain the same result, but I guess it’s still an option if you want an all-in-one solution.
There are a lot of caveats for getting this lab to work. Have to use an IDE in the pwnbox VM on the browser, install .NET, and apparently have to be connected using the EU VPN…
I can’t get the lab to work. I have tried for 5 days now to get it working. Normally I use my own Kali Linux with Visual Studio Codium in Python, but for C# it is a struggle with the library imports??? I did all the sections except the Skills Assessment. I also tried Visual Studio Code and even installed Visual Studio on my Windows machine, but I keep getting stuck on the library Assessment.dll.
I need this for knowing the paths to smuggler the Apache server because it’s vulnerable.
With Ffuf I did not succeed.
Furthermore I tried to parse the .dll for the wordlist but no success either.
Please help me to get the last flag to finish this HTB module!!!
I managed to extract the wordlist from Assessment.dll with dotPeek (JetBrains) and also used the decoding part of it. Wordlist of 999 lines. Iteration of these words resulted in 998 times 404 (Not Found) and 1 resulted in a 403 (Forbidden). That was string h******s, but no success either.
@minTwin I recommend using the Visual Studio IDE (Community); as for the libraries, you won’t need something too complex. The steps were all explained: you need to make a loop that sends something, and until that something is found it will keep running. I also recommend having some “Console.WriteLine” so that you’ll see how many attempts were made as well as knowing which string was the correct one.
So I’ve figured out you need to import the dll. I’ve checked the dll with C# code to verify the method exists in the assessment.words, but I don’t know how to call it from MY program.
You have to iterate through the list using a loop that will make one request at a time with a different word; this is the simplest method. I also recommend having it print the word used and the response from your request so that you’ll be sure it is working as you intend it to.
I’m trying not to give out too much here, but it was all taught in the previous pages of the C# module. It’s a bit too simple, so it’s hard to not give spoilers.
Also, don’t forget that if you try the wrong protocol it might not work at all.
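
The loop described in the replies above, as an added example that is not part of any post in this thread and not the module's own solution: it requests `<base>/<word>/flag.txt` one word at a time with async `HttpClient` and prints each status. `FakeTarget`, `FindFlagPaths`, the three sample words and `http://target.invalid` are constructed so it runs offline; the lab's real wordlist is not reproduced here.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;

// Constructed stand-in for the lab host so the example runs offline:
// answers 200 for exactly one path and 404 for everything else.
class FakeTarget : HttpMessageHandler
{
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage req, CancellationToken ct)
    {
        bool hit = req.RequestUri!.AbsolutePath == "/backup/flag.txt";
        return Task.FromResult(new HttpResponseMessage(hit ? HttpStatusCode.OK : HttpStatusCode.NotFound));
    }
}

static class Program
{
    // Requests <baseUrl>/<word>/flag.txt for each word, one request at a time.
    static async Task<List<string>> FindFlagPaths(HttpClient client, string baseUrl, IEnumerable<string> words)
    {
        var found = new List<string>();
        foreach (var word in words)
        {
            var url = $"{baseUrl.TrimEnd('/')}/{Uri.EscapeDataString(word.Trim())}/flag.txt";
            try
            {
                using var resp = await client.GetAsync(url);
                Console.WriteLine($"{(int)resp.StatusCode} {url}");   // progress line per attempt
                if (resp.StatusCode == HttpStatusCode.OK) found.Add(url);
            }
            catch (HttpRequestException ex)
            {
                // A wrong scheme (http vs https) or an unreachable host ends up here.
                Console.WriteLine($"ERR {url}: {ex.Message}");
            }
        }
        return found;
    }

    static async Task Main()
    {
        var words = new[] { "admin", "backup", "uploads" };    // constructed sample words
        using var client = new HttpClient(new FakeTarget());   // against a real host: new HttpClient()
        var hits = await FindFlagPaths(client, "http://target.invalid", words);
        Console.WriteLine($"Found: {string.Join(", ", hits)}");
    }
}
```

The status is checked on the `flag.txt` request itself, so a directory that answers 403 on its own is not counted as a hit unless the file under it returns 200.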