Was fun while it lasted!
Yup, I’m still stumped, can anyone grace a nudge upon me?
Opinion: too CTF-like for my taste.
Nudges: 1) When you feel like you’ve exhausted all enumeration, it’s time to figure out how to satisfy the odd one. 2) Try the only information you have (assuming you found it), but perhaps go from the /R.+/. to the /A.+/. 3) Who’s the boss? 4) Oh look, another one! 5) Many ways, one goal.
It’s a fun machine but as @Fugl said. It’s too CTF-like.
The hardest part is to figure out how to retrieve the credentials from the odd port. After that just use the credentials in one of the restricted directories that you should have seen at the early stages of your enumeration. Once you’re in just look for more passwords and that’s enough for getting the root flag and user flag
Pretty nice box and learnt new skills regarding SPA =]
And passwords after passwords should do it.
I wasted hours trying to find the the second to last login screen. If you have found the mother load of credentials and have not yet found the right place to put them, then make sure you scan port 80 using dirb NOT gobuster. The common list will do.
very easy and straight forward box … rooted
@Tendel10 there was no privesc, it was intended to get root directly
bach bach
Could someone send me nudge towards the creds, I know of the various places to use them just can’t find them anywhere
Is the name of the machine some kind of hint? is a username to be used somewhere?
Type your comment> @hudson96 said:
Could someone send me nudge towards the creds, I know of the various places to use them just can’t find them anywhere
Same situtation, have you found anything?
Type your comment> @H0bb1t said:
Type your comment> @hudson96 said:
Could someone send me nudge towards the creds, I know of the various places to use them just can’t find them anywhere
Same situtation, have you found anything?
No still stuck
Type your comment> @hudson96 said:
Type your comment> @H0bb1t said:
Type your comment> @hudson96 said:
Could someone send me nudge towards the creds, I know of the various places to use them just can’t find them anywhere
Same situtation, have you found anything?
No still stuck
Try investigating that odd, seemingly pointless other service that is not quite a website, but still sort of behaves like one.
A good box that I really appreciated thank you very much to the creator.
Type your comment> @Fugl said:
Type your comment> @hudson96 said:
Type your comment> @H0bb1t said:
Type your comment> @hudson96 said:
Could someone send me nudge towards the creds, I know of the various places to use them just can’t find them anywhere
Same situtation, have you found anything?
No still stuck
Try investigating that odd, seemingly pointless other service that is not quite a website, but still sort of behaves like one.
but i am having some difficulty on that page abut auth… failed
can you PM me plz
Got root if you need help feel free to PM
Getting too much messages can’t reply every one here you can message on twitter for help my username is vj0shii
i have done a similar thing in help machine. But here it’s a bit strange, throwing error. that HIGH port g*****L