Rooted! Felt like I was doing a CTF again, Learnt some new stuff, so I can’t complain.
Any tips on how to come across the token? I know how to use it once I get it since it is similar to another box that’s active, but I only have the txt file which I guess is a reference to some anime.
I wasted hours trying to find the the second to last login screen. If you have found the mother load of credentials and have not yet found the right place to put them, then make sure you scan port 80 using dirb NOT gobuster. The common list will do.
Do you know why gobuster doesn’t work? I found out I could use dirsearch.py also.
Also anyone able to help me with some type of resource for the n***.j* page? Can’t find anything.
Gobuster won’t work by default because one of the directories in question will respond with a 403 status code, which gobuster chooses to ignore unless you configure otherwise.
I’ve spent a couple hours looking into this and though I’ve found a couple login pages, I’ve yet to discover any creds.
I feel like I’ve glossed over it as I’ve checked each port, dirb/nikto/dirsearch the ports and I’ve been looking into n****s and I’ve gotten no further
I’ve spent a couple hours looking into this and though I’ve found a couple login pages, I’ve yet to discover any creds.
I feel like I’ve glossed over it as I’ve checked each port, dirb/nikto/dirsearch the ports and I’ve been looking into n****s and I’ve gotten no further
If you’re looking for files that might contain credentials, remember to search for more than just directories.
I need some guidance, I found the initial credential, after that I got a list of users without a password. From here, I do not know where to go. If anyone can help PM me, thank you.
Gobuster won’t work by default because one of the directories in question will respond with a 403 status code, which gobuster chooses to ignore unless you configure otherwise.
I think you meant 401 rather than 403 (gobuster will list 403 by default, but not 401.) At least that was my experience.