Official Caption Discussion

Why is the default username and password changed? I thought that was the intentional first step?

Anyone I can DM for a nudge for user? Iā€™m stuck after getting a valid login to port 80.

Hey anyone no if HTB has changed the way to acces GitBucket because the default creds are not works anymore unfortunately, anyone know if there any other existing way to access to root interface without the default creds set ?
Thanks

Hello ! do you know if its normal to not access the GT interface without the default creds, because it s not working :confused:

Iā€™ve been looking at this too, they did change it on purpose so they must have another intended way. I just didnā€™t want to work on it if it was brokenā€¦

You can see it in the ā€œChangelogā€ of the box that it was patched.

have you figure it out yet?

Is anyone able to give me a hint. Iā€™ve gotten the admin cookie but not sure how to leverage it or the method I obtained the cookie. Feel free to DM to avoid mass spoilers

edit: nevermind, found an exploit I needed to pair it with.

1 Like

Nope lol I gave up a long time ago. Iā€™m waiting for the writeup.

canā€™t find default creds :sob: :sob: :sob:

There are no ā€œdefaultā€ creds. That path was unintended and has been patched.

If you want a hint - that 403 is ā€œfront end authenticationā€ that you need to bypass, look for common ways to get around that, especially when multiple web technologies are in useā€¦

DM me if you want more than that.