Luke

Hm… This box is very ctf-like. But thanks to the author
Hints:
User - Enum and do it.
Root - Just do it. =)

@Ralveng said:

@iamsundi said:

any hint to get auth token…
in pm
check pm

@agr0 said:

Gobuster won’t work by default because one of the directories in question will respond with a 403 status code, which gobuster chooses to ignore unless you configure otherwise.

I think you meant 401 rather than 403 (gobuster will list 403 by default, but not 401.) At least that was my experience.

Hello, can someone help me? I am stuck on odd port

Edit:
Solved. I expected it to be more difficult. Thanks @lionelc for help with curl

Got root before user, is that the normal sequence? lol. Thanks for the box. Easy once you figure out the initial foothold.

I have a login credential but I can not find where to use.

same here, a little stuck!!

Just rooted!
Once past the initial foothold it was easy. All in all a fun box, but the root part was a bit disappointing.

Just rooted. Didn’t like it. Root part - huge meh

Why do the web servers become unresponsive once I directory scan? Happens every single time, I can never fully enumerate

I would appreciate some hints for this box. Please IM me … I already have some creds.

Rooted.
Learned some things about port 3… Great box thanks to author.
User: If you found nothing with one tool, use another.
Play with username
Root: Trust me: you’ll see - nothing to do.
Still stuck? PM me.

Should the 8*** app be blank and do you need to do something to use the plugin?

Best box in a while

@snox said:

Rooted! In my opinion this box is too much CTF-like… and the fact that there is no privesc is very disappointing :-/

Anyway, my hints for this box are:

  • Enumerate everything
  • Explore all services… especially the one that gives you an odd response (google is your friend)
  • No need to brute force… seriously!

You said everything.
I've learned many things about the service behind the 3* port but the box would have been better with a privesc to root.

Anyway, thx to the author for the work.

Not sure where to use the db creds…any hints? Please PM…don’t want to spoil too much as far as what I have done with it.

So I’ve enumerated common ports and have found db creds and the several login pages via busting. I’ve poked the odd port and have only found 2 endpoints via busting that are looking for auth. I’ve googled to no avail on how to enumerate. Could use a nudge please!

@zweeden said:

So I’ve enumerated common ports and have found db creds and the several login pages via busting. I’ve poked the odd port and have only found 2 endpoints via busting that are looking for auth. I’ve googled to no avail on how to enumerate. Could use a nudge please!

In the same spot. Could use some tips please!

This is the first machine in which first I got root then user, finally Rooted. Thanks to @tiger5tyle
If anyone needs help feel free to ping me.

any hints for auth token? thanks