Today just felt better. I didn’t accomplish that much but the learning that I did today feels really good. I discovered HackTheBox’s Challenges section and tackled fuzzy.
Fuzzy taught me a few things. First don’t trust that one tool will show you everything that you need to know. In this case I used dirb to enumerate the web app, which gave me a lot of information but it didn’t show me everything I needed to know to move on. I needed to use a tool like dirbuster to enumerate txt, php, html and htm files. This would have shown me the file that I needed much sooner. Second, I learned about the tool wfuzz. This is a tool that I had not had experience with yet, and I thank this challenge for bringing it to light for me. These two lessons along the way to completing this challenge felt great. I struggled for a bit but dug in and tried harder.
Next I moved back to SwagShop on HTB. Yesterday I felt like I just was missing a big part of what I needed to find. Well after my lessons this morning I was able to make some more progress on this one. Unfortunately I’m running into the issue of the HTB public network. I had to stop working on this box as there was multiple other people attempting the box at the same time and it made it impossible to run the exploits that I needed to in order to get a shell.
At this point I’m wondering if it would be worth it to pay for the VIP lab in order to have a better experience working on these boxes. I actually wonder if I could do enough on HTB in order to not spend as much time back in the PWK labs later on. We’ll see.
Just keep swimming!
VulnHub Rooted: 3
HTB Rooted: 0
HTB Challenges: 1