Why is the default username and password changed? I thought that was the intentional first step?
Anyone I can DM for a nudge for user? Iām stuck after getting a valid login to port 80.
Hey anyone no if HTB has changed the way to acces GitBucket because the default creds are not works anymore unfortunately, anyone know if there any other existing way to access to root interface without the default creds set ?
Thanks
Hello ! do you know if its normal to not access the GT interface without the default creds, because it s not working
Iāve been looking at this too, they did change it on purpose so they must have another intended way. I just didnāt want to work on it if it was brokenā¦
You can see it in the āChangelogā of the box that it was patched.
have you figure it out yet?
Is anyone able to give me a hint. Iāve gotten the admin cookie but not sure how to leverage it or the method I obtained the cookie. Feel free to DM to avoid mass spoilers
edit: nevermind, found an exploit I needed to pair it with.
Nope lol I gave up a long time ago. Iām waiting for the writeup.
canāt find default creds
There are no ādefaultā creds. That path was unintended and has been patched.
If you want a hint - that 403 is āfront end authenticationā that you need to bypass, look for common ways to get around that, especially when multiple web technologies are in useā¦
DM me if you want more than that.
Fresh install ā The default creds donāt work anymore. You have to bypass something else
Can anyone help i have found one user to app but i canāt find anything intresting
Any help with the foothold is appreciated.
I have thrown everything I can think of at copyparty trying to revive the traversal but am out of ideas. Also used the /download SSRF to scan for more endpoints but didnāt find anything.
Hi,
after some initial enumeration I stuck on 2 things:
- no access to found username for GitBucket: do I need a password here?
- playing with **proxy (and smuggling) but with no luck so far.
May I ask for a hint to make an init foothold?
Thanks
Lol Iām so stuck getting that dumb admin cookie that I will just wait for the write up