@Senpaisol said:
@gudj4qu3r said:
yeap, you have to do some easy trick to make it happen… a “virtual” dns… with no dns at all… Just think about “what would ippsec do”
lol that’s very true
Logged in to the webpage and might have found a vuln but can’t seem to exploit it…
Still no bloods?
No need to bruteforce.
■■■■!
Found three pages with logins but no credentials.
xsmile same
first blood user…
any list i use for sub******s it’s just not working TT with wfuzz
gobuster?
Finally got user.
Now on the root!
@xsmile said:
Found three pages with logins but no credentials.
i have found 4 login functionalities. but cant access any of them for now
@w31rd0 said:
@xsmile said:
Found three pages with logins but no credentials.
i have found 4 login functionalities. but cant access any of them for now
Have you managed to get past this? All I have left is a brute force but @s1gh said that isn’t a thing…
Okay, for those of you requiring a starting point begin to enumerate /do.../
using directory-list-lowercase-2.3-small.txt
with the most common portable document format extension. The login credentials can be guessed anyways so use this as your last resort.
Report this as spoiler if you think I said too much.
@numbfrank said:
@w31rd0 said:
@xsmile said:
Found three pages with logins but no credentials.
i have found 4 login functionalities. but cant access any of them for now
Have you managed to get past this? All I have left is a brute force but @s1gh said that isn’t a thing…
yeah i got past it.
so for starters guessing may be helpful. trying “default” and common “accounts”.
@fjv said:
Okay, for those of you requiring a starting point begin to enumerate /do.../
using directory-list-lowercase-2.3-small.txt
with the most common portable document format extension. The login credentials can be guessed anyways so use this as your last resort.
Report this as spoiler if you think I said too much.
Great hint @fjv
Rooted. Feel free to PM me for hints.
This #GuessTheBox CTF stuff is out of control.
I’ve found several accounts via S**-In***** … It’s using a certain hash type I can’t decrypt. Is it really needed to decrypt?
@dennisveninga said:
I’ve found several accounts via S**-In***** … It’s using a certain hash type I can’t decrypt. Is it really needed to decrypt?
AFAIK no need. The password for one of the accounts is trivial. The s* coo* can be used on another vh*