Mischief

As a general rule for bruteforcing things, don’t just use stock word lists. Keep a tailored one for your target. When you find something on your target, add it to your list. e.g. If you find a user account, add it to your user word list.

I have a problem with s**o
May I please have a hint? Or better, discuss…

@smjogi said:
I have a problem with s**o
May I please have a hint? Or better, discuss…

enumerate more :slight_smile:
There is a linux command that will help you a lot to figure out what is going on.

Just when you think you have it and then nope.

I have a question that people who got root access to the Mischief box will understand.
Do I need to know the password of the [SPOILER] user?

[SPOILER DELETE]

Is a 127.0.0.1-only bound port relevant to getting user?

Got user (FINALLY). What a ride so far!

This box really gets you back to the fundamentals of enumeration and then some.

r00ted. Sneaky machine, really sneaky. Enjoyed it all the way up to user, root was kind of lame in my opinion.
P.M. me if you need any nudges.

A really nice and nasty machine. Bravo @trickster0

I’m stuck at a web protected page with 2 creds on the page, tried to bruteforce with those creds, none are working. Found 2 TCP and UDP. Can anyone shed some light on what the next step is?
Thank you

@kecebong said:
I’m stuck at a web protected page with 2 creds on the page, tried to bruteforce with those creds, none are working. Found 2 TCP and UDP. Can anyone shed some light on what the next step is?
Thank you

Enumerate!

@pzylence said:
@kecebong said:
I’m stuck at a web protected page with 2 creds on the page, tried to bruteforce with those creds, none are working. Found 2 TCP and UDP. Can anyone shed some light on what the next step is?
Thank you

Enumerate!

Thanks, got the 2nd login page; SQLi and hydra, neither is working. Am I on the correct path or in a rabbit hole?

I’ve enumerated with gobuster and dirb using the dirbuster list but am not finding anything after getting into the first login… Can anyone send a hint?

@adco said:
Just when you think you have it and then nope.

+1 -_-"

This box is fun! Loving it so far. Thanks @trickster0 !!!

Rooted this box, great box :smiley:

Hi all,
I need some help, I am stuck on this box. I have found 02 creds and logged in on the web; the creds don't work on SSH. I already found the highest UDP port and I have seen another web service running on . I think there was a relation between a UDP port and the web server. I don't know what.
Please help me, I am stuck.

Hi all! I’ve found 3 ports, 2 creds. 1 leads me to the index page. Dirb gives me nothing but the index page. I’m out of ideas! This box is an illusion.

Tried a bunch of combinations with Burp Suite Intruder on the second login page… don't know how to proceed.

@christo said:
Tried a bunch of combinations with Burp Suite Intruder on the second login page… don't know how to proceed.

back to basics, marty!