Luke

Type your comment> @zetascrub said:

I’ve spent a couple hours looking into this and though I’ve found a couple login pages, I’ve yet to discover any creds.

I feel like I’ve glossed over it as I’ve checked each port, dirb/nikto/dirsearch the ports and I’ve been looking into n****s and I’ve gotten no further :confused:

If you’re looking for files that might contain credentials, remember to search for more than just directories.

Well that was easy, rooted! Anyone needs help PM me :slight_smile:

I need some guidance, I found the initial credential, after that I got a list of users without a password. From here, I do not know where to go. If anyone can help PM me, thank you.

I need help
I found many credentials non of them usable

i got root.txt
thanks for everyone
FEEL FREE TO PM

Finally, pwned it. I’ve learned a new thing. Thanks, @syan1de for an awesome hint. Feel free to PM me if you got stuck.

Rooted! Thanks @idealphase for the nudge! Anyone who need help feel free to pm :wink:

Type your comment> @Ryan412 said:

The moment when this is a 30 points box making it equivalent to Unattended and Arkham …

This.

any hint to get auth token…

Type your comment> @iamsundi said:

any hint to get auth token…
in pm

Hm… This box is very ctf-like. But thanks to the author
Hints:
User - Enum and do it.
Root - Just do it. =)

Type your comment> @Ralveng said:

Type your comment> @iamsundi said:

any hint to get auth token…
in pm
check pm

Type your comment> @agr0 said:

Gobuster won’t work by default because one of the directories in question will respond with a 403 status code, which gobuster chooses to ignore unless you configure otherwise.

I think you meant 401 rather than 403 (gobuster will list 403 by default, but not 401.) At least that was my experience.

Hello,can someone help me?I am stuck on odd port

Edit:
Solved.I expected it to be more difficult. Thanks @lionelc for help with curl

Got root before user, is that the normal sequence? lol. Thanks for the box. Easy once you figure out the initial foothold.

I have a login credential but I can not find where to use.

same here, a little stuck!!

Just rooted!
Once past the initial foothold it was easy. All in all a fun box, but the root part was a bit disappointing.

Just rooted. Didn’t like it. Root part - huge meh

why do the web servers become unresponsive once i directory scan? happens every single time i can never fully enumerate