Luke

Was fun while it lasted!

Yup, I’m still stumped, can anyone grace a nudge upon me?

Opinion: too CTF-like for my taste.

Nudges: 1) When you feel like you’ve exhausted all enumeration, it’s time to figure out how to satisfy the odd one. 2) Try the only information you have (assuming you found it), but perhaps go from the /R.+/. to the /A.+/. 3) Who’s the boss? 4) Oh look, another one! 5) Many ways, one goal.

It’s a fun machine but as @Fugl said. It’s too CTF-like.
The hardest part is to figure out how to retrieve the credentials from the odd port. After that just use the credentials in one of the restricted directories that you should have seen at the early stages of your enumeration. Once you’re in just look for more passwords and that’s enough for getting the root flag and user flag

Pretty nice box and learnt new skills regarding SPA =]

And passwords after passwords should do it.

I wasted hours trying to find the the second to last login screen. If you have found the mother load of credentials and have not yet found the right place to put them, then make sure you scan port 80 using dirb NOT gobuster. The common list will do.

very easy and straight forward box … rooted

@Tendel10 there was no privesc, it was intended to get root directly

bach bach

Could someone send me nudge towards the creds, I know of the various places to use them just can’t find them anywhere

Is the name of the machine some kind of hint? is a username to be used somewhere?

Type your comment> @hudson96 said:

Could someone send me nudge towards the creds, I know of the various places to use them just can’t find them anywhere

Same situtation, have you found anything?

Type your comment> @H0bb1t said:

Type your comment> @hudson96 said:

Could someone send me nudge towards the creds, I know of the various places to use them just can’t find them anywhere

Same situtation, have you found anything?

No still stuck :frowning:

Type your comment> @hudson96 said:

Type your comment> @H0bb1t said:

Type your comment> @hudson96 said:

Could someone send me nudge towards the creds, I know of the various places to use them just can’t find them anywhere

Same situtation, have you found anything?

No still stuck :frowning:

Try investigating that odd, seemingly pointless other service that is not quite a website, but still sort of behaves like one.

A good box that I really appreciated thank you very much to the creator.

Type your comment> @Fugl said:

Type your comment> @hudson96 said:

Type your comment> @H0bb1t said:

Type your comment> @hudson96 said:

Could someone send me nudge towards the creds, I know of the various places to use them just can’t find them anywhere

Same situtation, have you found anything?

No still stuck :frowning:

Try investigating that odd, seemingly pointless other service that is not quite a website, but still sort of behaves like one.

but i am having some difficulty on that page abut auth… failed
can you PM me plz

Got root if you need help feel free to PM
Hack The Box

Getting too much messages can’t reply every one here you can message on twitter for help my username is vj0shii

too CTF-like box


if anyone need help feel free to PM :slight_smile:

i have done a similar thing in help machine. But here it’s a bit strange, throwing error. that HIGH port g*****L