Luke

@hacksack07 said:

Getting a bit stuck here. I’m on the second highest port part, I’m using C*** but I can’t get the token. When I try to use the Medium article (if I’m using the right one) I get an error ‘Invalid numeric literal at line 1, column 10’; if I try to force my own crafted token in, it tells me ‘Token is not valid’. I’m seriously banging my head against a wall here. Any help would be appreciated.

PM me on Hack The Box.

Rooted. Phew, that was an effort. Thanks so much to @Mava and @Godzkid, and also thanks to @Illuminatiguy for the offer but not needed now. On to the next machine :slight_smile:

@hacksack07 wow, thanks for mentioning.
If you believe I have helped you, please give me respect on my profile,
and congrats, you rooted it finally.

Hi, I have managed to get all the creds from dbinfo plus all the creds from curl but I can’t seem to use any of them to get into this ■■■■■■ machine! Can someone lend a hand please :slight_smile:

@Dreadless said:

Hi, I have managed to get all the creds from dbinfo plus all the creds from curl but I can’t seem to use any of them to get into this ■■■■■■ machine! Can someone lend a hand please :slight_smile:

Did you find all the loginpageS on 80?

Hi I’ve rooted the box through 8*** F******** T******.

I was just trying, for the fun of it, to get a shell running through NC to my own terminal but I failed to find out how to do this. Can someone give me some help on how to do this? Just for learning purposes, cause I already got the root flag.

thx

@bakemonozero1 said:

@Dreadless said:

Hi, I have managed to get all the creds from dbinfo plus all the creds from curl but I can’t seem to use any of them to get into this ■■■■■■ machine! Can someone lend a hand please :slight_smile:

Did you find all the loginpageS on 80?

Now I’m thinking I haven’t… will re-scan!

@bakemonozero1 said:

@Dreadless said:

Hi, I have managed to get all the creds from dbinfo plus all the creds from curl but I can’t seem to use any of them to get into this ■■■■■■ machine! Can someone lend a hand please :slight_smile:

Did you find all the loginpageS on 80?

All I find is a CSS file. Nowhere to actually log in, unless I am missing something.

@Dreadless said:

@bakemonozero1 said:

@Dreadless said:

Hi, I have managed to get all the creds from dbinfo plus all the creds from curl but I can’t seem to use any of them to get into this ■■■■■■ machine! Can someone lend a hand please :slight_smile:

Did you find all the loginpageS on 80?

All I find is a CSS file. Nowhere to actually log in, unless I am missing something.

Some dirsearchers don’t pay attention to 401 responses; try using dirb with the big filelist.

Hi,
Any special wordlist to use when using dirbuster/dirsearch? Been at it for a while now, with no tokens or users being discovered.

@bakemonozero1 said:

@Dreadless said:

@bakemonozero1 said:

@Dreadless said:

Hi, I have managed to get all the creds from dbinfo plus all the creds from curl but I can’t seem to use any of them to get into this ■■■■■■ machine! Can someone lend a hand please :slight_smile:

Did you find all the loginpageS on 80?

All I find is a CSS file. Nowhere to actually log in, unless I am missing something.

Some dirsearchers don’t pay attention to 401 responses; try using dirb with the big filelist.

Thank you, I got root and user! Was a pain to log in but when I found it, it was obvious lol. Big list was a great help!

ROOOTED!

Thx @illuminatiguy helped me to realize I was using a stupid -s flag killing my c**l output for the token!

Once I got the token I had already enumerated enough to get everything without problems…

Honestly this machine shouldn’t be 30 points.

If you need Help PM me :slight_smile:

Have spent the better part of the searching for everything you guys mentioned here but no closer to getting anywhere?
Anyone willing to pm me a life line?

Can somebody PM me to give me a hint?

Got the DB cred and several Login pages.

Don’t know what to “play” with the auth on port 3000.
Read the medium article, but I don’t know how to make this command sequence work.

Can someone PM me, {"success":false,"message":"Token is not valid"}, getting this error when following the medium guide. Just want to confirm syntax.

I got the creds and know where to use them, but still not able to authorize, is someone facing the same issue??

Edit: just reset the box and it got fixed.

Finally rooted

anyone got reverse shell on this box?

@Hannes08 said:

anyone got reverse shell on this box?

I did not need to spawn a reverse shell on this box at all…

rooted, thanks for the hints @pkaiser and @d3f3u17

As always, here to help anyone who needs it.

Rooted, thanks to @hacksack07 for the help with the t****.
Fun box.
Feel free to PM me if you need some hints.