Finally finished with this box, four hours of dirbuster to find what I needed (admittedly I may have overdone the extensions list), then 10 minutes to root the box. Technically it is easy but ■■■■ is it frustrating.
To answer a couple Qs on here without being spoilery:
I used one of the default dirbuster wordlists.
When you find the thing you need, it should be obvious. Don’t overthink things.
There’s another something you may find that will give you an idea of what to investigate next (though it’s likely something you’d do anyway)
I hope that’s not too confusing or close to being a spoiler, I’m new to all this.
I think the point of this box is to teach you patience and not to quit on your enumeration.
@weilunnn said:
Gotten the username now. Any hint on the password?
Apparently it is in the same location as the username.
Could you send me a PM on the extension list you used? Ran dirbuster for a few hours yesterday, but found nothing of use…
Just ask yourself “what is the basic kind of file where you can store data?” then you have your answer. And when using dirbuster don’t look for too many extensions…
Having a lot of trouble with enumeration. Exhausted all lists I could with various file extensions but only turned up one interesting file. Haven’t found anything credential-related and I’m quite lost with what to do. Any guidance would be much appreciated either here or DM.
@keramas said:
Having a lot of trouble with enumeration. Exhausted all lists I could with various file extensions but only turned up one interesting file. Haven’t found anything credential-related and I’m quite lost with what to do. Any guidance would be much appreciated either here or DM.
If you don’t knock on the right door, you’ll find nothing… go back to your nmap scan.
Thanks for the reply.
I’ve re-scanned and looked at everything again, but I feel like I’m taking crazy pills because I am not seeing anything of interest.
The needed file finally populated… Not sure why it didn’t show up the last 2 times I ran this wordlist. The only thing I changed was speed this time, which I wouldn’t think would affect it.
Was able to complete Sense, but not sure if it was the “correct” way. Didn’t seem easy to me compared to the other machines labeled as easy. Would appreciate a PM indicating how it should be done.
I got root on this box. I failed to enum, I spent like 5 hours with a vuln that got me nowhere. I overlooked something very basic, the exploit is actually really easy.
So can anyone help me out with the password for the application login? I found the username, but I’m stumped on the PW. Feel free to PM me if you want.
@NinjaRockstar said:
So can anyone help me out with the password for the application login? I found the username, but I’m stumped on the PW. Feel free to PM me if you want.
Think about what the file is telling you. There is another post on here with a hint on this too; the clue is in that file.
I’ve been going crazy for 2 days now. Either I’ve run the correct wordlist with the right extensions and the “file” isn’t as obvious as everyone is saying or I have no idea what I am doing wrong. Please give me something?
I can’t find this ■■■■ file and I’m frustrated as a 40 year old virgin. txt, info, text, dat, data, sql and every wordlist I can find… Can someone PM me with a hint or a prayer?