Redcross

Logged in to the webpage and might have found a vuln but can’t seem to exploit it…

Still no bloods?

@s1gh did you use a dict, I guess I know a user… any hint that you can share us?

No need to bruteforce.

■■■■!

Found three pages with logins but no credentials.

xsmile same

first blood user…

any list i use for sub******s its just not working TT with wfuzz

gobuster?

Finally got user.
Now on the root!

@xsmile said:
Found three pages with logins but no credentials.

i have found 4 login functionalities. but cant access any of them for now

@w31rd0 said:

@xsmile said:
Found three pages with logins but no credentials.

i have found 4 login functionalities. but cant access any of them for now

Have you managed to get passed this? All I have left is a brute force but @s1gh said that isn’t a thing…

Okay, for those of you requiring a starting point begin to enumerate /do.../ using directory-list-lowercase-2.3-small.txt with the most common portable document format extension. The login credentials can be guessed anyways so use this as your last resort.

Report this as spoiler if you think I said too much.

@numbfrank said:

@w31rd0 said:

@xsmile said:
Found three pages with logins but no credentials.

i have found 4 login functionalities. but cant access any of them for now

Have you managed to get passed this? All I have left is a brute force but @s1gh said that isn’t a thing…

yeah i got passed it.
so for starters guessing may be helpful. trying “default” and common “accounts”.

@fjv said:
Okay, for those of you requiring a starting point begin to enumerate /do.../ using directory-list-lowercase-2.3-small.txt with the most common portable document format extension. The login credentials can be guessed anyways so use this as your last resort.

Report this as spoiler if you think I said too much.

Great hint @fjv

Rooted. Feel free to PM me for hints.

This #GuessTheBox CTF stuff is out of control. :confused:

I’ve found several accounts via S**-In***** … It’s using a certain hash type I can’t decrypt. It’s really needed to decrypt?

@dennisveninga said:
I’ve found several accounts via S**-In***** … It’s using a certain hash type I can’t decrypt. It’s really needed to decrypt?

AFAIK no need. The password for one of the account is trivial. The s* coo* can be used on another vh*

I’m not a big fan of these “hidden files in web directories” boxes. It’s ultimately brute force. You send tens of thousands random requests resulting in 404’s would easily be blocked.

Maybe it’s real-world realistic, but to me it’s a lame initial foothold.