Official Bizness Discussion

thanks for replying, i’ll try again tomorrow :slight_smile:

hello I don’t see what else I can do to exploit the server, I was able to resolve the ip in name on /etc/host I also did DNS lookup but nothing anyone have a clue?

have you tried fuzzing dirs?

For those who are facing session disconnects within a minute, Try changing VPN server… it worked for me.

2 Likes

Hi, I am new to HTB just started bizness as my first machine, and I am stuck on accessing the bizness.htb website, I did some digging and found out I must add the machine IP to the /etc/hosts file and I did but after that, I kept getting another error connection timed out. I will add the necessary screenshots so I can make my self clearer any help will be appreciated, thanks in advance :slight_smile:
Cant add more than 1 image as a new user, but this is my /etc/hosts configuration

in the end I was able to make a lot of headway, but now I’m turning around i’ve got a SHA but I tried to decipher it with John the ripper and it didn’t work.

1 Like

check if your vpn is enabled, ping the target address and then associate the address with the domain name and restart dns services

So I have rooted this box, but when inputing the flags I am getting a wrong answer. Not sure there is more on top of this

I found the sha hash, how do i decrypt it

1 Like

Hello. I’m very new to HTB, had completed 5 academy modules under pentesting job role and would like to try live machine.
What I did:

  1. nmap enumerate found TCP/22 with some CVEs
    TCP/80 will hang with --script=vuln
  2. added /etc/hosts
  3. subdir enum using fuff got only /control and /index.php
  4. try went through various .js code

Right now I don’t know what to go on, or what can I do with the CVEs. Can anyone please give a hint.
Or maybe I should go back to continue the modules :joy:

when you say fuzzing dirs, do you mean domain/FUZZ ?
I used fuff with many kind of wordlists but get only /control

$ ./ffuf -c -w /usr/share/SecLists/Discovery/Web-Content/big.txt -u https://bizness.htb/FUZZ -fs 0

I would check with:
$ ip a s
and see if there’s tun0 interface with 10.10.x.x/23 ip address which is the VPN tunnel IP

PE is a shitshow, no wonder this machine have a low review.

It did teach me to pay more attention though. Did not enjoy it not one bit. Wouldn’t recommend nor would do it again.