thanks for replying, i’ll try again tomorrow
hello I don’t see what else I can do to exploit the server, I was able to resolve the ip in name on /etc/host I also did DNS lookup but nothing anyone have a clue?
have you tried fuzzing dirs?
For those who are facing session disconnects within a minute, Try changing VPN server… it worked for me.
Hi, I am new to HTB just started bizness as my first machine, and I am stuck on accessing the bizness.htb website, I did some digging and found out I must add the machine IP to the /etc/hosts file and I did but after that, I kept getting another error connection timed out. I will add the necessary screenshots so I can make my self clearer any help will be appreciated, thanks in advance
Cant add more than 1 image as a new user, but this is my /etc/hosts configuration
in the end I was able to make a lot of headway, but now I’m turning around i’ve got a SHA but I tried to decipher it with John the ripper and it didn’t work.
check if your vpn is enabled, ping the target address and then associate the address with the domain name and restart dns services
So I have rooted this box, but when inputing the flags I am getting a wrong answer. Not sure there is more on top of this
I found the sha hash, how do i decrypt it
Hello. I’m very new to HTB, had completed 5 academy modules under pentesting job role and would like to try live machine.
What I did:
- nmap enumerate found TCP/22 with some CVEs
TCP/80 will hang with --script=vuln
- added /etc/hosts
- subdir enum using fuff got only /control and /index.php
- try went through various .js code
Right now I don’t know what to go on, or what can I do with the CVEs. Can anyone please give a hint.
Or maybe I should go back to continue the modules
when you say fuzzing dirs, do you mean domain/FUZZ ?
I used fuff with many kind of wordlists but get only /control
$ ./ffuf -c -w /usr/share/SecLists/Discovery/Web-Content/big.txt -u https://bizness.htb/FUZZ -fs 0
I would check with:
$ ip a s
and see if there’s tun0 interface with 10.10.x.x/23 ip address which is the VPN tunnel IP
PE is a shitshow, no wonder this machine have a low review.
It did teach me to pay more attention though. Did not enjoy it not one bit. Wouldn’t recommend nor would do it again.