Redcross

@gudj4qu3r said:
yeap, you have to do some easy trick to make it happen… a “virtual” dns… with no dns at all…

Just think about “what would ippsec do”

@Senpaisol said:

@gudj4qu3r said:
yeap, you have to do some easy trick to make it happen… a “virtual” dns… with no dns at all…

Just think about “what would ippsec do”

lol that’s very true

Logged in to the webpage and might have found a vuln but can’t seem to exploit it…

Still no bloods?

@s1gh did you use a dict? I guess I know a user… any hint that you can share with us?

No need to bruteforce.

■■■■!

Found three pages with logins but no credentials.

xsmile same

first blood user…

any list I use for sub******s, it's just not working TT with wfuzz

gobuster?

Finally got user.
Now on the root!

@xsmile said:
Found three pages with logins but no credentials.

I have found 4 login functionalities, but can't access any of them for now

@w31rd0 said:

@xsmile said:
Found three pages with logins but no credentials.

I have found 4 login functionalities, but can't access any of them for now

Have you managed to get past this? All I have left is a brute force but @s1gh said that isn’t a thing…

Okay, for those of you requiring a starting point, begin to enumerate /do.../ using directory-list-lowercase-2.3-small.txt with the most common portable document format extension. The login credentials can be guessed anyways so use this as your last resort.

Report this as spoiler if you think I said too much.

@numbfrank said:

@w31rd0 said:

@xsmile said:
Found three pages with logins but no credentials.

I have found 4 login functionalities, but can't access any of them for now

Have you managed to get past this? All I have left is a brute force but @s1gh said that isn’t a thing…

yeah I got past it.
so for starters guessing may be helpful. trying “default” and common “accounts”.

@fjv said:
Okay, for those of you requiring a starting point, begin to enumerate /do.../ using directory-list-lowercase-2.3-small.txt with the most common portable document format extension. The login credentials can be guessed anyways so use this as your last resort.

Report this as spoiler if you think I said too much.

Great hint @fjv

Rooted. Feel free to PM me for hints.

This #GuessTheBox CTF stuff is out of control. :confused:

I’ve found several accounts via S**-In***** … It’s using a certain hash type I can’t decrypt. Is it really needed to decrypt?