Player

Player

Lets Play <3

MrR3boot
Learn | Hack | Have Fun

«13456

Comments

  • The more beautiful image we have the more strange box it is…

    YanTayga

  • Type your comment> @YanTayga said:

    The more beautiful image we have the more strange box it is…

    Actual factuals

    0xskywalker

  • Interesting already with what I've found :)


    Hack The Box
    defarbs.com - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • See you in 22 days! :bleep_bloop:

  • Yea lol i'll be on vacation till that time :)

    MrR3boot
    Learn | Hack | Have Fun

  • Type your comment> @MrR3boot said:

    Yea lol i'll be on vacation till that time :)

    Yeah i need a r3b00t 2 ;)

  • Almost blew up my server messing with the coin

  • edited July 7

    Type your comment> @mRr3b00t said:

    Type your comment> @MrR3boot said:

    Yea lol i'll be on vacation till that time :)

    Yeah i need a r3b00t 2 ;)

    He will be available when you playing with Player 2 <3

    MrR3boot
    Learn | Hack | Have Fun

  • Type your comment> @MrR3boot said:

    Type your comment> @mRr3b00t said:

    Type your comment> @MrR3boot said:

    Yea lol i'll be on vacation till that time :)

    Yeah i need a r3b00t 2 ;)

    He will be available when you will be playing with Player 2 <3

    Hmm, if only the countdown was shorter ;)


    Hack The Box
    defarbs.com - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • edited July 8

    Mmm

  • Congrats @mprox and @jkr nicely done.

    MrR3boot
    Learn | Hack | Have Fun

  • edited July 7

    Consider you are doing a real pentest and note everything you find even if its a minute error message. Keep a note of what u see in different vhosts and move further. Good luck

    MrR3boot
    Learn | Hack | Have Fun

  • Do you need a good GPU for this box? :)

  • No need of any fuzzing and bruteforcing. I hate them though

    MrR3boot
    Learn | Hack | Have Fun

  • Type your comment> @MrR3boot said:

    No need of any fuzzing and bruteforcing. I hate them though

    no need for fuzzing content of vhosts?

    Hack The Box

  • @EnDeRuCn said:
    Type your comment> @MrR3boot said:

    No need of any fuzzing and bruteforcing. I hate them though

    no need for fuzzing content of vhosts?

    Yes for vhosts it is common. I meant for other stuff

    MrR3boot
    Learn | Hack | Have Fun

  • Whoever done the box already please revisit once as unintended ways to root are patched and you can enjoy the hard ride to get root. I'm sure you love the Game now <3

    MrR3boot
    Learn | Hack | Have Fun

  • Am I supposed to be getting a 403 on 80?

  • Yes everyone supposed to..

    MrR3boot
    Learn | Hack | Have Fun

  • Are we supposed to crack jwt?

    YanTayga

  • Type your comment> @YanTayga said:

    Are we supposed to crack jwt?

    I tried. Spent 20-30 minutes on it. Also MrR3boot said: He hates bruteforce.
    I thinks it's safe to assume: no.

    x41

  • Seems that I've lost smth…
    Found domains, phps, chats, developers, another ssh… Could not connect it together…

    Even bruted, in addition to domains, by hydra anything that could…

    YanTayga

  • you guys are to focues on the jwt part..and to focused on the brute forcing part...if you wanna brute force then brutre force, why ask other about theire opinion? isnt that the hole picture? u must practis to learn:D
    however it took 3 minutes to get the login page. lets see whats in there

  • edited July 7

    I have login page as well. Have no valid creds yet

    YanTayga

  • Personally, i really enjoyed this box. Although the initial foothold was a bit of a stretch. I appreciate the hint that was given, but I'm not sure it was enough to save certain poor souls. Overall, I believe it was a solid 9/10 of a box. I also highly recommend that people do not just take the easiest route as there are various different paths you can take to route this box, all of which have different difficulties and learning curves.

    Thank you MrReboot for taking the time to make this box and big kudos for the vulnerabilities chosen. <3

    OSCP | TMHC CTF

  • Thanks @chivato glad that you had fun.

    MrR3boot
    Learn | Hack | Have Fun

  • the first vulnerability / exploit was one of my favourites I've seen. Enjoyed the box :smile: thanks

  • I Need help user :[

  • edited July 8

    Found some vhosts, found the "hints" to what is wrong with the site(s), found some names in an answer to a url request, found source of the countdown (client side), found a login. And stuck, next step unknown :smile:

    halfluke

  • I've found the hash for the IDE through another vuln. Do I need to crack/bruteforce this hash to login? I've tried rockyou, but that didn't work.

Sign In to comment.