Luke

Rooted, thanks to @hacksack07 for the help with the t****.
Fun box.
Feel free to PM me if you need some hints.

Can somebody PM me to give me a hint?

Got the DB cred and several Login pages.

Don't know how to “play” with the auth on port 3000.
Read the Medium article, but I don't know how to make this command sequence work.

@Cli3nt said:

Can somebody PM me to give me a hint?

Got the DB cred and several login pages.

Don't know how to “play” with the auth on port 3000.
Read the Medium article, but I don't know how to make this command sequence work.

Use the creds of the user with the role “Web-Admin” on the /man****nt page :slight_smile:

@Hannes08 said:
Anyone got a reverse shell on this box?

You don't need a reverse shell… you already have it :slight_smile:

Stuck for 2 days. I don't understand how to freaking get that access on the odd port. I just have that pwd found in that c*****.*** file and a bunch of usernames, but I'm having problems with *r for the request. Need a nudge. Tried different users but always get Forbidden. I've been enumerating since yesterday but can't find anything else.

EDIT: Solved. Thanks to @CKasper

Got 1 cred and 3 login pages. Is there anything else that I'm missing? Should I enumerate more on port 3?

@M160 said:

Got 1 cred and 3 login pages. Is there anything else that I'm missing? Should I enumerate more on port 3?

You need to find more “users”, so you should curl on…?

Could I get a nudge? I think I have enumerated most everything. I am missing something.

Finally rooted the box after several weeks (newbie here). Many thanks to @zweeden, @MarcelBC and @KnightyLion for all the help I needed. Cheers!!!

Rooted :)
Decent box, learnt quite interesting things with JWT and playing with requests ;)
Thanks to @GibParadox
Feel free to help.

Can someone PM me a nudge for the odd port? I just can't seem to get the correct c*** syntax down.

Edit: Got the token and the list of users, but can't seem to get the passwords now… PM with hints please!

Popped it.

Here are my hints:
Enumerate the ■■■■ out of it.
Find the goodies on one port, use the goodies on another port… (google if you can’t figure out how)
Even MORE goodies here, try these goodies out somewhere else.
After that… yup, another goodie. The final goodie.

DM for nudges. Let me know what you’ve done so far.

Hey guys, can anyone PM me about the JWT token? I am not sure I am doing it right.

Someone PM and help if you can, stuck for one week.

Folks, any help on where to get the token? I have found the DB creds, but it seems that I can't use them anywhere at the moment. Or please PM me if needed :frowning:

Anyone that can PM me pertaining to the curl syntax - it would be greatly appreciated.

Edit: Got User & Root.
User was definitely the more difficult one, since it requires a syntax, and if you're not familiar with JWT bearer tokens, it could be a very big pain in the ■■■.


This box is meh.

I have all the credentials from port 3***, but I am not able to log in on any of the login pages. Can anybody help?

Got my 30 points for this box. Thanks @H4d3s for the work <3

This box is not my favorite one. I learnt some stuff about JWT authentication, but if you just
follow the Medium article it feels a bit like cheating. I highly recommend reading some further articles about JWT authentication to understand what happened here.

Hi all,
I've logged in to port 3*** fine and retrieved a list of users, but there are no passwords. Am I missing something obvious?
EDIT> Yes, I was missing something obvious, found it.

I see a lot of questions around the syntax for c***. PM me for help, anyone.
Poe

Only the JWT part is challenging (that too could've been easier if I had done some basic stuff first… instead of thinking complex)… other than that it's really straightforward… And thanks to @illuminatiguy for the nudge!!