Starting point - Vaccine

I’m following the walkthrough for “Vaccine” and when it says browse to port 80, I enter the IP (10.10.10.46) into Firefox and it times out.

The machine has been restarted during the time I have been trying, am I missing something stupid?

Make sure you’re connected to the openvpn connection pack, maybe try reconnecting the connection by pressing ctrl+c in the window that openvpn is running in and then executing the script again.

Thanks for the quick reply, I did try that but I am able to scan the IP and connect to the FTP server, it responds to pings, it seems the HTTP server is down for some reason.

It's working now, not sure what happened, but I redownloaded my connection pack and reconnected, although I had done so previously. Thanks

I’m having the same issue with this machine, or at least a similar issue.
Every time I run:
sudo sqlmap -u 'http://10.10.10.46/dashboard.php?search=a' --cookie="PHPSESSID=" --os-shell
It starts to timeout and then I can’t browse or do anything until the labs reset.

Sorry, my comment isn’t helpful.

I have an issue with Vaccine, I cannot do the sqlmap section, whenever I try it fails, if I accept the 302 redirect, it says cannot to connect to URL, if I don’t it says all tested parameter appear to be not injectable (based on the walkthrough, the GET should be injectable…)

Yep, also having that issue. I gave it a rest for a while, but still no: sqlmap fails to find injectables or it drops connection.

Same issue. sqlmap freezes the site up!? Anyone know a work around?

Did you get round the issue, same thing happening to me.
@Inigma said:

I’m having the same issue with this machine, or at least a similar issue.
Every time I run:
sudo sqlmap -u 'http://10.10.10.46/dashboard.php?search=a' --cookie="PHPSESSID=" --os-shell
It starts to timeout and then I can’t browse or do anything until the labs reset.

Sorry, my comment isn’t helpful.

@sa1lor unfortunately not. I just moved on to the next lab and forgot about this one tbh.

I’m having the same problem trying the sqlmap injection. Any ideas?

join "--time-sec 10" and retry

same issue, GET parameter ‘search’ might not be injectable, all tested parameters do not appear to be injectable

@Taurin said:

same issue, GET parameter ‘search’ might not be injectable, all tested parameters do not appear to be injectable

Either you did not set the cookie parameter in sqlmap (you are being redirected to login page) or the HTTP server is stuck. It gets stuck always after someone tries to get os-shell there.

Found the best way to get the os-shell was to use burp with intercept mode on right from the login page; On the first packet which passes the PHPSESSION copy that into your sqlmap command and run it, I ran mine with --level 2 and --risk 2.

Once it was running then forward all the packets and then sqlmap responded correctly.

I finally rooted with the help of this thread and the Python script referenced within the thread: Machine name: vaccine stuck on getting SQL code execution shell — Hack The Box :: Forums

@Proelia said:

I’m following the walkthrough for “Vaccine” and when it says browse to port 80, I enter the IP (10.10.10.46) into Firefox and it times out.

The machine has been restarted during the time I have been trying, am I missing something stupid?

Hey All - having the same issue with this one. Was there ever any solution or should I just leave it and move on to another? Thanks

Hello everyone.
I am having the same issue when trying to load the website from the Vaccine machine.
It just times out and when I use --reason with nmap I see the service has a no-response.

Facing same issue of website timing out.
How to reset the box?

I have the same issue.