Luke

Me neither, no credentials, but yeh, plenty of login pages lol

WTF 4 user owns already? Where are you guys finding the entry point?

Stuck in the same boat as @m4xp0wer, no idea where to use these creds.

Same boat. Got the creds, no luck with them. Has anyone tried brute-forcing all the login pages?

Got some creds but they appear to be for m****. Are those the creds you’re talking about?

hmmmm, I guess I am in the same boat as everyone else. Maybe the json needs to be worked on more?

Got a list, dunno what to do with it.

Same boat as @tiger5tyle.
Didn’t find any login pages except for A****i and those creds didn’t work there.

Keep trying passwords folks… and feel free to mix usernames xD

Did anyone find the fake user.txt file… ughhh, it says “this box is terrible”, wth?!?

Was fun while it lasted!

Yup, I’m still stumped, can anyone grace a nudge upon me?

Opinion: too CTF-like for my taste.

Nudges: 1) When you feel like you’ve exhausted all enumeration, it’s time to figure out how to satisfy the odd one. 2) Try the only information you have (assuming you found it), but perhaps go from the /R.+/. to the /A.+/. 3) Who’s the boss? 4) Oh look, another one! 5) Many ways, one goal.

It’s a fun machine, but as @Fugl said, it’s too CTF-like.
The hardest part is to figure out how to retrieve the credentials from the odd port. After that just use the credentials in one of the restricted directories that you should have seen at the early stages of your enumeration. Once you’re in, just look for more passwords and that’s enough for getting the root flag and user flag.

Pretty nice box and learnt new skills regarding SPA =]

And passwords after passwords should do it.

I wasted hours trying to find the second to last login screen. If you have found the mother lode of credentials and have not yet found the right place to put them, then make sure you scan port 80 using dirb NOT gobuster. The common list will do.

Very easy and straightforward box … rooted

@Tendel10 there was no privesc, it was intended to get root directly

bach bach

Could someone send me a nudge towards the creds? I know of the various places to use them, just can’t find them anywhere.