Sense

ok… so I’ve gotten to the endgame and have all the pieces in play… but it’s just not working. I got the right parameter. If someone could shed some light?

@5aru said:
I’m sorry, I’m still a bit lost. I feel like I’m missing a crucial piece of information. I’ve found these files and some information that gives me a username (Sorry, I’m trying to be vague), but I still don’t have a way of getting a password. I could try guessing passwords, but the box has a lockout after so many passwords, so that is pretty useless unless I’m gonna sit here and keep resetting the box. I’ve been scanning and scraping for a week now hoping that I’d find something else that I’m missing. I’ve checked certificates, cookies, directories, etc… Once I get this one piece, the exploit is obvious, but I’m lost on what I’m missing and I don’t seem to be making any more progress

Hey there, I think after all those sweets and chocolate I had during Xmas I’m getting rusty. ■■■■! Here I come to get a piece of advice from the ones that have been able to set their first foothold into the system. My question is this: I’ve been toying for some days with a particular file, that uses a particular library, to “install” something. So far, nothing. Do I have to keep trying or should I get some fresh air?

Cheers to everyone!

Having solved Sense, I must say it was one of the weaker experiences for me and a challenge that I enjoyed less than others. The first foothold very much depends on the word list you choose. I routinely use the standard dirb word lists, for instance, and they would not be sufficient to find the necessary first hint. As such, it is less an enumeration but more a word list / tool question.

Of course such things can and also do happen during a regular pentest at times. I still feel that the focus is too much set on a brute-force approach in this challenge though, and even finding the hint on the web server in the first place is a little too artificial for my taste. Still, I am happy and thankful that the author provided this system image and very much appreciate his efforts.

Could you provide me a hint regarding a word list that should be used?

@jacu said:
Could you provide me a hint regarding a word list that should be used?

one of the default kali ones will do - just double checked it

This box is actually pretty easy in hindsight, but there’s not a lot of good info out there on how to do it. Once you figure out how to enumerate for the first part of the challenge, the second part ends up being really easy (at least the way I did it), but will probably take a while to find the right information about online.

As with every other box I’ve done on here, enumeration is the key. I always seem to stop enumerating too soon. After that, googling to try to find info about what services are running and what versions they are will help.

@Skunkfoot said:
This box is actually pretty easy in hindsight, but there’s not a lot of good info out there on how to do it. Once you figure out how to enumerate for the first part of the challenge, the second part ends up being really easy (at least the way I did it), but will probably take a while to find the right information about online.

As with every other box I’ve done on here, enumeration is the key. I always seem to stop enumerating too soon. After that, googling to try to find info about what services are running and what versions they are will help.

Solved it that weekend in a few hours. It’s like always: enumeration is the key.
As you said, it’s not that hard.
For the ppl here who search for help: ENUMERATE, ENUMERATE MORE, AND EVEN MORE!
I know that’s kinda the lazy part of pentesting, but here it’s the golden key.
Look what you find, which versions of apps are running etc. And then check it with exploit-db and cvedetails.com

Like many people said, enumeration is key here in this box and at first it seems that this box won’t teach you much. But imho, as it doesn’t follow similar concepts like other boxes, it does teach you not to forget different.

I’m still stuck on the 1st phase enumeration. I’ve tried the common wordlists from Kali and the common extensions list (not customized), but I got nothing. I found a particular interesting file, that will help me on the 2nd phase, but until I get the creds to login, I can’t use that info.

Does this require a crazy recursive search into directories, or is it something on / or at 1 directory depth?

For the extensions, besides the default Kali list, I created another one with: .csv .dat .db .log .mdb .sav .sql .tar .xml .bak .cfg .dll .dmp .ini .sys .tmp .txt .xls .xlsx .7z .pkg .rar .tar.gz .z .zip. However, I got nothing still.

@simoesp said:
I’m still stuck on the 1st phase enumeration. I’ve tried the common wordlists from Kali and the common extensions list (not customized), but I got nothing. I found a particular interesting file, that will help me on the 2nd phase, but until I get the creds to login, I can’t use that info.

Does this require a crazy recursive search into directories, or is it something on / or at 1 directory depth?

For the extensions, besides the default Kali list, I created another one with: .csv .dat .db .log .mdb .sav .sql .tar .xml .bak .cfg .dll .dmp .ini .sys .tmp .txt .xls .xlsx .7z .pkg .rar .tar.gz .z .zip. However, I got nothing still.

Nvm, I figured it out.

Advice: Don’t overthink the enumeration. Just use something like dirbuster and its default wordlists in Kali. Don’t overthink the extension, as it’s something basic and already present in some common extension wordlists.
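To make the “wordlist × extensions” idea above concrete, here is an added illustration (my own example code, not something any poster in this thread ran against the box): a minimal file brute-forcer in Python that builds candidates from a wordlist and an extension list, refuses to follow redirects so that hits bounced to a login page are recorded separately from real 200s (the situation NINGEN describes below), and aborts after a run of consecutive transport errors, the way DirBuster pauses after 20. It spins up its own throwaway HTTP server with constructed paths so it runs offline; the paths, wordlist, extensions and responses are all invented for the demo and say nothing about the real machine.

```python
import http.server
import socketserver
import threading
import urllib.error
import urllib.request

# Constructed demo target. These paths and status codes are invented for the
# example; they are not the files on the real box.
DEMO_PATHS = {
    "/index.php": (200, b"<html>login form</html>"),
    "/notes.txt": (200, b"some notes"),
    "/changelog.txt": (200, b"changes"),
    "/admin.php": (302, b""),    # exists, but bounces to the login page
    "/status.php": (302, b""),
}


class _DemoHandler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        code, body = DEMO_PATHS.get(self.path, (404, b"not found"))
        self.send_response(code)
        if code == 302:
            self.send_header("Location", "/index.php")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo server quiet
        pass


def start_demo_server():
    """Start the toy target on a random localhost port; return (server, base URL)."""
    srv = socketserver.TCPServer(("127.0.0.1", 0), _DemoHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"


def candidates(words, extensions):
    """Yield /word and /word.ext for every combination, de-duplicated, in order."""
    seen = set()
    for w in words:
        for path in [f"/{w}"] + [f"/{w}.{e.lstrip('.')}" for e in extensions]:
            if path not in seen:
                seen.add(path)
                yield path


def probe(url):
    """Return the HTTP status for url WITHOUT following redirects, so a 302 to
    the login page is reported as 302 rather than as the login page's 200."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, *a, **k):
            return None

    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=3) as r:
            return r.status
    except urllib.error.HTTPError as e:   # 3xx/4xx/5xx arrive here
        return e.code


def enumerate_files(base, words, extensions, max_consecutive_errors=20):
    """Brute-force base + candidate paths.

    Returns {'found': [200 hits], 'redirected': [3xx hits], 'errors': n,
    'aborted': bool}. Like DirBuster, it gives up after max_consecutive_errors
    transport failures in a row (host down, firewall, rate limiting)."""
    result = {"found": [], "redirected": [], "errors": 0, "aborted": False}
    streak = 0
    for path in candidates(words, extensions):
        try:
            code = probe(base + path)
        except (urllib.error.URLError, OSError):
            result["errors"] += 1
            streak += 1
            if streak >= max_consecutive_errors:
                result["aborted"] = True
                break
            continue
        streak = 0
        if code == 200:
            result["found"].append(path)
        elif 300 <= code < 400:
            result["redirected"].append(path)
    return result


def demo():
    """Run the enumerator against the toy server with a tiny constructed wordlist."""
    srv, base = start_demo_server()
    try:
        words = ["index", "admin", "notes", "changelog", "status", "backup"]
        exts = ["php", "txt", "html"]
        return enumerate_files(base, words, exts)
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print(demo())
```

The two lists are where the box's difficulty sits: swap in a real wordlist (one line per word) and an extension list, and note that a candidate that 302s to the login page is still a confirmed file, which is why disabling redirect-following matters.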

@svo said:
Having solved Sense, I must say it was one of the weaker experiences for me and a challenge that I enjoyed less than others. The first foothold very much depends on the word list you choose. I routinely use the standard dirb word lists, for instance, and they would not be sufficient to find the necessary first hint. As such, it is less an enumeration but more a word list / tool question.

Of course such things can and also do happen during a regular pentest at times. I still feel that the focus is too much set on a brute-force approach in this challenge though, and even finding the hint on the web server in the first place is a little too artificial for my taste. Still, I am happy and thankful that the author provided this system image and very much appreciate his efforts.

Exactly my thoughts. +1

Should the file we are looking for during enumeration be pretty obvious once we see it? I’ve enumerated a bunch of files using the php, txt, and html extensions on dirbuster but nothing is popping out to me. In fact, most of the files return me to the login page when I try accessing them.

I’m worried that I’m just not thinking of the correct extension. Doesn’t help that Dirbuster keeps throwing IOExceptions at me when I give it too much to search for. I’m using one of the default wordlists in Kali.

@NINGEN said:
Should the file we are looking for during enumeration be pretty obvious once we see it? I’ve enumerated a bunch of files using the php, txt, and html extensions on dirbuster but nothing is popping out to me. In fact, most of the files return me to the login page when I try accessing them.

I’m worried that I’m just not thinking of the correct extension. Doesn’t help that Dirbuster keeps throwing IOExceptions at me when I give it too much to search for. I’m using one of the default wordlists in Kali.

I’d try another dirbuster wordlist…

@simoesp said:

@NINGEN said:
Should the file we are looking for during enumeration be pretty obvious once we see it? I’ve enumerated a bunch of files using the php, txt, and html extensions on dirbuster but nothing is popping out to me. In fact, most of the files return me to the login page when I try accessing them.

I’m worried that I’m just not thinking of the correct extension. Doesn’t help that Dirbuster keeps throwing IOExceptions at me when I give it too much to search for. I’m using one of the default wordlists in Kali.

I’d try another dirbuster wordlist…

Is it normal to be getting 100+ IOException errors while running dirbuster on the target with a large default dirbuster wordlist? The search I’m using is only looking for one extension but I have to keep unpausing it since Dirbuster stops after 20 consecutive errors

Nvm. Just realized I was using the dirb wordlist(s) instead of the dirbuster wordlist(s).

I got what I was looking for soon afterwards. Thanks!

I’m still lost on the attack vector. I enumerated and found two what I thought were methods of attack, but both of those would require end user action on the box itself, unless I’ve been reading and banging my head against them wrong.

Can someone let me bounce ideas off them and let me know if I’m on the right track?

Well, scratch that, both the creds and exploit were right in front of my face.

@simoesp said:
Advice: Don’t overthink the enumeration. Just use something like dirbuster and its default wordlists in Kali. Don’t overthink the extension, as it’s something basic and already present in some common extension wordlists.

Good advice on not overthinking the extension!
(Good thing though is that I’ve learnt a lot of file extensions from this box…)

I found an interesting file with a username but without a password. Any hint?

@sn1pe0r said:
I found an interesting file with a username but without a password. Any hint?

Read the file carefully, there’s a hint there about the password, and the username and password should be all in lower case.

@Perseverance said:

@sn1pe0r said:
I found an interesting file with a username but without a password. Any hint?

Read the file carefully, there’s a hint there about the password, and the username and password should be all in lower case.

Thanks so much, I got it!