Luke

Rooted.

It wasn’t as bad as some people are making it out to be.

Reminds you that enumeration is always important. Keep good notes or you might miss something. And as always, be careful when you copy-paste things :)… I was hurting myself for failure to copy something correctly.

Overall decent box.

Hints: Every port should be used on this one. Thorough enumeration.

The moment when this is a 30 points box making it equivalent to Unattended and Arkham …

Hint: Enumerate! A LOT.

The server is unstable because people are bruteforcing it. DO NOT brute force. You should get all the passwords. Use ONLY WHAT YOU GET.

@Ryan412 said:

The moment when this is a 30 points box making it equivalent to Unattended and Arkham …

Hint: Enumerate! A LOT.

The server is unstable because people are bruteforcing it. DO NOT brute force. You should get all the passwords. Use ONLY WHAT YOU GET.

I was thinking the same thing… #fakenews xD

I’ve got no creds but a few places to feed them into, haven’t figured out the second highest port yet. Any hints?

Spoiler Removed

Rooted. Understanding the strange service is key. Google is your friend.

This box isn’t very CTF at all. Everything you need is there and can be found with ease using common enumeration techniques - there is literally nothing you have to guess. I thought the path to shell access was nice, but would have liked to see a bit more done with root.

I got 2 logins and 1 auth point, attack surface is huge. The box will take some time

@1NC39T10N said:

I wasted hours trying to find the second to last login screen. If you have found the mother lode of credentials and have not yet found the right place to put them, then make sure you scan port 80 using dirb NOT gobuster. The common list will do.

Do you know why gobuster doesn’t work? I found out I could use dirsearch.py also.

Also anyone able to help me with some type of resource for the n***.j* page? Can’t find anything.

Do we need to bruteforce the login page or we can find them?

Rooted! In my opinion this box is too much CTF-like… and the fact that there is no privesc is very disappointing :-/

Anyway, my hints for this box are:

  • Enumerate everything
  • Explore all services… especially the one that gives you an odd response (Google is your friend)
  • No need to brute force… seriously!

I’ve gotten past the auth page with the 3*** port. But I was wondering if anyone could help me with the auth token after?

I can get an auth token with c*** but not sure how to login on my browser with it.

Edit: Got it.

Should the odd port be dumping passwords? I’m only getting a list of users from it.

@nergalwaja said:

Should the odd port be dumping passwords? I’m only getting a list of users from it.

Try accessing the users one by one :wink:

Hmm… easy box

Rooted! Felt like I was doing a CTF again, learnt some new stuff, so I can’t complain.

@syan1de said:

Rooted! Felt like I was doing a CTF again, learnt some new stuff, so I can’t complain.

Any tips on how to come across the token? I know how to use it once I get it since it is similar to another box that’s active, but I only have the txt file which I guess is a reference to some anime.

I used dirbuster to enumerate endpoints.

Anyone kind enough to give me a nudge? Found plenty of creds, seem unusable… Thanks

Edit: never mind…

Authenticated into A***** but stuck. Just got a pretty much blank UI. Rabbit hole?

Edit: Never mind. UI is there after reset. Someone must have spooned it.