Official Interface Discussion

Thank you for replying,
I'll try.

1 Like

I’ve spent an entire day enumerating. No problems with that, but I’m having trouble with the second part of the RCE. I can get the box to talk to me, but it is impossible to find my file on that box !?! Everything looks good, I’ve repeated the steps 5 times and I wonder if my Burp or my computer is being tricky :frowning:
I’m really stuck, if someone could give me a hint.

Sure, PM me

Rooted, interesting root part :green_heart:

Having the same issue here, the box downloads the files from my machine, but I can’t find the font file on the server, or it doesn’t work :confused:

1 Like

@illuminatum @stapoo
I had a similar issue; resorting to another way solved it for me and I am now stuck on the root part.
Since you already know what to do, without spoilers I’d advise you to find something that can repeat the same process of what you are trying to do. It fixed it for me.
Instead of having to find the file yourself, something can activate it for you.
Feel free to PM me if it gets unbearable.

1 Like

Not sure how I feel about this box. I did learn a new thing but the guessing game was way too strong for my liking. That’s not even talking about the fact that when you find your way in, it doesn’t work until you think of resetting the box… But since you’re blind all along the first part, you never know if things go wrong because of you or because of the box.
Anyway, interesting stuff, but the ratio guessing/learning was too much for me.

Edit: I hate when you ask for help and people say “Enumerate”, like… thank you, genius. But for the first part of this box, ouch… enumerate… try different wordlists, different filters, different matchers, different methods… If you’re not lucky or not thorough enough, you’re in for a bad time.

feroxbuster (ver. 2.9.1) is so powerful. You can find everything with just this one line:

feroxbuster -u http://<subdomain>.interface.htb/ -m GET,POST

(don’t forget to add found sub dirs with Scan Management Menu)

0xdf recently uploaded a video about feroxbuster: Recent Updates in Feroxbuster 2.9.1 - YouTube

4 Likes

I cannot get the rev shell to work. Please help.

I am able to find v***** and c******* but not any other directories. I also tried parameter fuzzing but haven’t found anything with different methods. Need help regarding this.

How did you find the subdomain?

Intercept the request and response headers from the website, it is hidden somewhere :heart:

1 Like

I read the response header carefully.

1 Like

Time to get my eyesight checked, it was in front of me the whole time

1 Like

Can you give a hint? I’ve been enumerating for the past 5 hours and I think I am just entering rabbit hole after rabbit hole.

Never mind ■■■■■. Same as you, I gotta get my eyes checked ASAP or else I would continue to miss out on low hanging fruits like this lol

1 Like

As they say, the devil is in the details and patience is a virtue. It’s definitely not just enumeration, but one should know what and where to enumerate. As @shoebill pointed out, feroxbuster 2.9.1 certainly helped to get more details, especially adding the discovered details on the fly to the scan. Certainly worth the time spent.

I got the API endpoint and /v***/c*** and /v***/d***f. Stuck on parameters.

You should be able to use similar techniques to how Feroxbuster knows between a true 404 and an interesting one to find the folder wherein the fonts live. One MAJOR issue with this box is that the amount of enumeration quickly fills the hard drive with logs. If this happens, the file request will hit you, but the server won’t have space to write the file. (I believe this problem also manifests when using the API and you don’t get a file back, as it first writes the file to /tmp/ before sending it). If this happens, you’ll have to reset the box to clear the hard drive.
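The post above notes that heavy directory enumeration fills the target’s disk with web server logs. From the defender’s side, that same noise is easy to spot: a single client producing mostly 404s across many distinct paths. The following is an added example, not code from the thread, the box or the feroxbuster project; the log lines, client addresses and thresholds are all constructed for illustration.

```python
"""Flag clients whose access-log footprint looks like forced browsing.

Heuristic: many requests, a high share of 404 responses, and many
distinct paths. Thresholds are assumptions for the sample data below.
"""
import re
from collections import defaultdict

# Combined Log Format: ip ident user [ts] "METHOD path proto" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def summarize(lines):
    """Per-client counters: total requests, 404s, distinct paths, user agents."""
    stats = defaultdict(lambda: {"total": 0, "not_found": 0,
                                 "paths": set(), "agents": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines instead of failing the whole run
        s = stats[rec["ip"]]
        s["total"] += 1
        if rec["status"] == 404:
            s["not_found"] += 1
        s["paths"].add(rec["path"].split("?", 1)[0])  # ignore query strings
        if rec["ua"]:
            s["agents"].add(rec["ua"])
    return stats


def flag_scanners(stats, min_requests=20, min_404_ratio=0.8, min_distinct_paths=15):
    """Return {ip: summary} for clients matching the forced-browsing heuristic."""
    flagged = {}
    for ip, s in stats.items():
        if s["total"] < min_requests:
            continue
        ratio = s["not_found"] / s["total"]
        # A client retrying one broken link also produces 404s; the distinct-path
        # requirement keeps that case out of the alert.
        if ratio >= min_404_ratio and len(s["paths"]) >= min_distinct_paths:
            flagged[ip] = {
                "requests": s["total"],
                "ratio_404": round(ratio, 2),
                "distinct_paths": len(s["paths"]),
                "agents": sorted(s["agents"]),
            }
    return flagged


def build_sample_log():
    """Constructed sample log (not real traffic): one scanner, one broken-link
    client, one ordinary visitor."""
    ts = "10/Apr/2023:10:00:01 +0000"
    fmt = '{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 153 "-" "{ua}"'
    lines = []
    # Scanner: 40 probes that 404 plus 2 real hits.
    for i in range(40):
        lines.append(fmt.format(ip="10.10.14.5", ts=ts, path=f"/probe{i}",
                                status=404, ua="constructed-scanner/1.0"))
    for path in ("/api/", "/vendor/"):
        lines.append(fmt.format(ip="10.10.14.5", ts=ts, path=path,
                                status=200, ua="constructed-scanner/1.0"))
    # Broken link retried 30 times: all 404, but a single path.
    for _ in range(30):
        lines.append(fmt.format(ip="10.10.14.7", ts=ts, path="/old/page.html",
                                status=404, ua="Mozilla/5.0 (constructed)"))
    # Ordinary visitor.
    for path in ("/index.html", "/index.html", "/style.css", "/api/", "/api/"):
        lines.append(fmt.format(ip="10.10.14.9", ts=ts, path=path,
                                status=200, ua="Mozilla/5.0 (constructed)"))
    return lines


if __name__ == "__main__":
    for ip, summary in flag_scanners(summarize(build_sample_log())).items():
        print(ip, summary)
```

On a real server the same logic runs over the access log in a short sliding window rather than the whole file; the thresholds are a starting point and should be tuned to the site's normal 404 rate, because a fresh deploy with stale links can also produce bursts of 404s.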

I pwned this machine. The root path is a little bit confusing to me.

1 Like