@MasterSplinter said:
Rooted. I think unintentional method? Python has a weird cap…
Possibly worth mentioning to HTB staff - they award you a badge if you find a serious enough mistake in a box.
I just discovered the D***** S****** M******** portal after some gave me a nudge to check my h****-file, and how tf does this work? I thought this file makes local n*** r********* more convenient, but how does the box know which name I gave it?
@Spunnring said:
I just discovered the D***** S****** M******** portal after some gave me a nudge to check my h****-file, and how tf does this work? I thought this file makes local n*** r********* more convenient, but how does the box know which name I gave it?
Look at how an HTTP request works.
Webservers can host many, many domain names on a single server/ip and they rely on the “host” header of the HTTP request to determine what content to return.
This might help: HTTP/1.1: Request
that’s such a clever way to hide things
didn’t know this before, thanks
@Spunnring said:
that’s such a clever way to hide things
It isn’t even really about hiding. In normal usage, this is how you host multiple sites within a single web server. By using the hosts header, it is easy to direct traffic at the right site.
The server assumes that people using the appropriate header are trying to access the given site. This isn’t a security feature as much as a service identifier - “I want to reach ‘website’ at ‘somedomain’” vs “I want to reach ‘thiswebsite’ at somedomain”
You would typically put these values into your public or internal DNS. Without access to that, we have to manually insert the header/use the h**** file you mentioned
this is amazing
I have been trying to find vhosts using wfuzz and vhostchecker, but no luck. All of the requests return 200, how do you guys tackle that? So far I have been filtering on line/word count. Is there a better way?
Would appreciate a nudge.
@tang0 said:
I have been trying to find vhosts using wfuzz and vhostchecker, but no luck. All of the requests return 200, how do you guys tackle that? So far I have been filtering on line/word count. Is there a better way?
Would appreciate a nudge.
check email
The creator of this box needs a Nobel Prize for trolling HAHA
I am stuck at the login page. Any hints? I have tried some basic s** I*******n.
@he110w0r1d said:
@tang0 said:
I have been trying to find vhosts using wfuzz and vhostchecker, but no luck. All of the requests return 200, how do you guys tackle that? So far I have been filtering on line/word count. Is there a better way?
Would appreciate a nudge.
check email
Thanks, totally missed that.
@AhadAli said:
I am stuck at the login page. Any hints? I have tried some basic s** I*******n.
It isn’t that. It’s more templated.
Stuck in the D***** S****** M******** using a self-created user.
Any nudge would be appreciated. Tried s** mp for basic s** I******n too.
@AhadAli said:
I am stuck at the login page. Any hints? I have tried some basic s** I*******n.
S** Injection is so 2009
@LMAY75 said:
Spoiler Removed
■■■■ apparently my post root analysis gave away too much, I thought it was pretty vague but hey who knows.
Just want to reiterate that if anyone needs a hint they should feel free to DM me, this was more challenging than usual for an easy box.
Rooted. I agree that is not an easy one, in particular the first part.
DM me if you need a nudge.
Thanks to EgotisticalSW for this nice box.
Any hints for r00t? I take it it involves the high port and dash L? Can't seem to get dash L to work though.
@n3wb1en3w said:
Any hints for r00t? I take it it involves the high port and dash L? Can't seem to get dash L to work though.
DM sent
@wazKoo said:
Wondering how people discovered the 1st exploit S**I on that page. Since it was kinda blind not knowing how to trigger and check the result
Yeah, I agree, that was a bit obtuse. I figured it out pretty much from luck and viewing source because I found it odd that this page existed, but nothing was there. It was kind of sticking out like a sore thumb.