Thanks @iamsundi for his help.
Now i know that not all seclists are the same. Was missing one URL in my enum results.
At this point there are more than enough hints on this thread. Especially medium.com tutorial. After you get the token use it as much as possible and use what you found to generate new URLs to get even more info.
I am trying to build the proper request to get the T****, but I am receiving a “Forbidden” response when using curl. Any hint or help here would be appreciated.
Rooted! This does feel very CTF-esque but this is the first box i’ve gone through where I felt confident in knowing what the next step was. Had to resort to the forum for that medium post because I didn’t have the language understanding to accurately google.
This thread has enough to go on hint wise but i’ll reiterate what was ambiguously referenced in a few posts:
You will find passwords that don’t always work with the username. Try substituting the user for common alternatives that would make sense for the system you’re accessing.
During enumeration you will need to run dirbuster or configure gobuster to show 401/403s.
a bit annoyed by the enumeration part … I’m not extremely patient. especially the initial username swap.
The medium article is spot on.
You can also get a shell, creativity is the limit when you are already root.
Not my favorite box to be honest, but the odd port service part was useful to learn something new.
Ok I’m stuck but I feel like I’m so close. Can someone nudge me in the right direction please?
I got the t**** and a list of c*********s and I swear I’ve tried them on every login form I can find (total of 3) and none of them are working anywhere.
This machine was easier that I thought, I lost myself just because a didn’t do enough enumeration and this is very bad.
Thanks to @takeiteasy@anonymous187 and @halfluke that helped me out.
About user: enumeration, enumeration, enumeration and again enumeration. Gobuster is very bad in this machine, use dirb or dirbuster, expecially the second one was amazing.
Then learn a bit about how to get something from the port 3***, the medium guide is perfect for this
About root: after you’ve enumerated EVERYTHING in the port 3***, then you will already have all you need.
This box reminded me of a date I was on a few years ago - first part i was pleased with thinking i had probed where i needed to, got the responses I needed and it was going to be easy. As it went on i encountered things I had not done before, learned a few new tricks and spent quite a few moments trying to work out what does in where.
Once I had finished I sat on the couch catching my breath feeling please with myself!
This box reminded me of a date I was on a few years ago - first part i was pleased with thinking i had probed where i needed to, got the responses I needed and it was going to be easy. As it went on i encountered things I had not done before, learned a few new tricks and spent quite a few moments trying to work out what does in where.
Once I had finished I sat on the couch catching my breath feeling please with myself!
Hi guys . i get usernames and the Password W******* from port 3***, i tried in combination the usernames with that password on 3 login pages, but nothing works. Im stuck, any help?
Hi guys . i get usernames and the Password W******* from port 3***, i tried in combination the usernames with that password on 3 login pages, but nothing works. Im stuck, any help?
Hi guys . i get usernames and the Password W******* from port 3***, i tried in combination the usernames with that password on 3 login pages, but nothing works. Im stuck, any help?
All the users you found have their own passwords that need to be obtained. Same way you found that password you can find the other passwords that will work somewhere else.