Luke

Hi,
Any special wordlist to use when using dirbuster/dirsearch. Been at it for a while now, with no tokens are users being discovered.

Type your comment> @bakemonozero1 said:

Type your comment> @Dreadless said:

Type your comment> @bakemonozero1 said:

Type your comment> @Dreadless said:

Hi I have managed to get all the Creds from dbinfo plus all the creds from curl but i can’t seem to use any of them to get into this ■■■■■■ machine! can someone lend a hand please :slight_smile:

Did you find all the loginpageS on 80?

all I find is a css file. no where to actually log in. unless i am missing something

some dirsearchers dont pay attention to 401 responses try using dirb with the big filelist

thank you I got root and user! was a pain to log in but when i found it, it was obvious lol big list was a great help!

ROOOTED!

Thx @illuminatiguy helped me to realize I was using a stupid -s flag killing my c**l output for the token!

Once I got the token I had already enumerated enough to get everything without problems…

Honestly this machine shouldn’t be 30 points.

If you need Help PM me :slight_smile:

Have spent the better part of the searching for everything you guys mentioned here but no closer to getting anywhere ?
Anyone willing to pm me a life line?

Can somebody PM me to give me a hint?

Got the DB cred and several Login pages.

Dont know what to “play” with the auth on port 3000.
Read the medium article, but I don’t know how to make this command sequence work.

Can someone PM me, {“success”:false,“message”:“Token is not valid”}, getting this error when following the medium guide. Just want to confirm syntax.

I got the creds and know where to use them, but still not able to authorize, is someone facing the same issue??

Edit: just reset the box and it got fixed.

Finally rooted

anyone got reverse shell on this box?

Type your comment> @Hannes08 said:

anyone got reverse shell on this box?

I did not need to spawn a reverse shell on this box at all…

rooted, thanks for the hints @pkaiser and @d3f3u17

As always, here to help anyone who needs it.

Rooted, thanks to @hacksack07 for the help with the t****.
Fun box.
Feel free to PM me if you need some hints.

Can somebody PM me to give me a hint?

Got the DB cred and several Login pages.

Dont know what to “play” with the auth on port 3000.
Read the medium article, but I don’t know how to make this command sequence work.

Type your comment> @Cli3nt said:

Can somebody PM me to give me a hint?

Got the DB cred and several Login pages.

Dont know what to “play” with the auth on port 3000.
Read the medium article, but I don’t know how to make this command sequence work.

use creds of the user with role “Web-Admin” on /man****nt page :slight_smile:

@Hannes08 said:
anyone got reverse shell on this box?

you don’t need a reverse shell… you already have it :slight_smile:

stuck for 2 days i dont understand how to freaking get that access on the odd port. just have that pwd found in that c*****.*** file, a bunch of usernames but having problem with *r for the request. need a nudge. tried different users but always get Forbidden. i’m enumerating since yesterday but can’t find anything else.

EDIT: Solved. thx to @CKasper

Got 1 cred and 3 login page, is there anything else that I’m missing? Should I enumerate more on port 3?

Type your comment> @M160 said:

Got 1 cred and 3 login page, is there anything else that I’m missing? Should I enumerate more on port 3?

You need to find more “users”, so you should curl on?..

Could I get a nudge? I think I have enumerated most everything. I am missing something.

finally rooted the box after several weeks (newbie here). many thanks to @zweeden @MarcelBC and @KnightyLion for all the help I needed. Cheers!!!

Rooted:)
Normalnaya tachka, learnt quite interesting things with JWT and playing with requests;)
Thanks to @GibParadox
Feel free to help.