Luke

Type your comment> @v01t4ic said:

Thanks @iamsundi for his help.
Now i know that not all seclists are the same. Was missing one URL in my enum results.

At this point there are more than enough hints on this thread. Especially medium.com tutorial. After you get the token use it as much as possible and use what you found to generate new URLs to get even more info.

have a great day

Done with the box. Easy one.
no privsec for root :confused:
Dm for any doubts…

s1mple,
650 System owns
647 User owns

no privesc but It is necessary to downgrade))

Hello,

I am trying to build the proper request to get the T****, but I am receiving a “Forbidden” response when using curl. Any hint or help here would be appreciated.

PP

Rooted! This does feel very CTF-esque but this is the first box i’ve gone through where I felt confident in knowing what the next step was. Had to resort to the forum for that medium post because I didn’t have the language understanding to accurately google.

This thread has enough to go on hint wise but i’ll reiterate what was ambiguously referenced in a few posts:

  • You will find passwords that don’t always work with the username. Try substituting the user for common alternatives that would make sense for the system you’re accessing.
  • During enumeration you will need to run dirbuster or configure gobuster to show 401/403s.

Shoot me a PM if you need help!

a bit annoyed by the enumeration part … I’m not extremely patient. especially the initial username swap.
The medium article is spot on.
You can also get a shell, creativity is the limit when you are already root.
Not my favorite box to be honest, but the odd port service part was useful to learn something new.

Rooted :slight_smile:

Ok I’m stuck but I feel like I’m so close. Can someone nudge me in the right direction please?

I got the t**** and a list of c*********s and I swear I’ve tried them on every login form I can find (total of 3) and none of them are working anywhere.

Edit: Found something I overlooked. Thanks !

Got user and root.

This machine was easier that I thought, I lost myself just because a didn’t do enough enumeration and this is very bad.
Thanks to @takeiteasy @anonymous187 and @halfluke that helped me out.

About user: enumeration, enumeration, enumeration and again enumeration. Gobuster is very bad in this machine, use dirb or dirbuster, expecially the second one was amazing.
Then learn a bit about how to get something from the port 3***, the medium guide is perfect for this

About root: after you’ve enumerated EVERYTHING in the port 3***, then you will already have all you need.

PM me if you need more help!

Got creds, but none of them work?

Edit: rooted

Crazy enumeration.

Enough creds, 4 login points

What a fun box! @H4d3s thanks!

Edit: rooted

Its all about credential management and learned a thing or two with JWT’s.

Good box, although a bit frustated with all those portals and creds but overall a fun box.

+1 from me. Good job @H4d3s

Rooted!

This box reminded me of a date I was on a few years ago - first part i was pleased with thinking i had probed where i needed to, got the responses I needed and it was going to be easy. As it went on i encountered things I had not done before, learned a few new tricks and spent quite a few moments trying to work out what does in where.

Once I had finished I sat on the couch catching my breath feeling please with myself!

Type your comment> @gm0 said:

Rooted!

This box reminded me of a date I was on a few years ago - first part i was pleased with thinking i had probed where i needed to, got the responses I needed and it was going to be easy. As it went on i encountered things I had not done before, learned a few new tricks and spent quite a few moments trying to work out what does in where.

Once I had finished I sat on the couch catching my breath feeling please with myself!

LOL. I enjoyed this. Congrats!

Any help guys why am I getting “please auth” even after supplying the token???

I just got user and root files, also got root shell!

Nice box for the job you need to do on port 3000.

PP

Hi guys . i get usernames and the Password W******* from port 3***, i tried in combination the usernames with that password on 3 login pages, but nothing works. Im stuck, any help?

Type your comment> @Maxisadas said:

Hi guys . i get usernames and the Password W******* from port 3***, i tried in combination the usernames with that password on 3 login pages, but nothing works. Im stuck, any help?

Im on the same boat.

@Maxisadas said:

Hi guys . i get usernames and the Password W******* from port 3***, i tried in combination the usernames with that password on 3 login pages, but nothing works. Im stuck, any help?

@MrP4p3r said:

Im on the same boat.

All the users you found have their own passwords that need to be obtained. Same way you found that password you can find the other passwords that will work somewhere else.