Luke

Only the JWT part is challenging (that too could’ve been easier if I did some basic stuff first… instead of thinking complex)… other than that it’s really straightforward… And thanks to @illuminatiguy for the nudge!!

Can someone please PM me regarding the c*** syntax? I have been stuck for days now.

@GlobalVariable said:

I have all the credentials from port 3***, but I am not able to login on any of the login pages, can anybody help?

I have the same issue. I’ve been chasing my tail for a day. Pretty sure I have all the URLs as well. Nothing works for me.

That was an interesting box that made me learn some things I didn’t know. It was all a matter of chasing down credentials and proper enumeration. The rest just falls in your lap.

Can someone please PM me now! I found the creds on port 3*** and used them in the lo*** in port 80 and it doesn’t work!! And also on port 8***

Finally got it… really some confusing (and frustrating) concepts here, but once you get to a certain level you simply have it (and as mentioned before, root almost easier than user :wink: ).

Thanks a bunch to @hoodedfigure for the patient help and giving just enough information to not spoil it and still keep me going. Much appreciated.

I suffered a lot, but unintentionally I first got the ‘Root’ then the user (it was simpler).

Thanks to @illuminatiguy , @mava and @HEXE for their hints!

If anyone wants a hint, PM me.

P.S.:
I am from Spain…

I am one of the many stuck on the c*** command syntax, been stumped for several days now. Anyone that can PM with advice?

Finally rooted
It took me too much time because of the curl syntax; at the time it worked I already had all I needed

Thanks to @poe for all the assistance

Finally rooted thanks to @HenryClarke for highlighting something I’d discovered during enumeration then disregarded.
PM me for hints without spoilers :wink:

Could someone PM me for hints?
EDIT: Found token and some creds,

@no0n3 said:

Could someone PM me for hints?
EDIT: Found token and some creds,

I think I’m in the same boat, found the credentials, without passwords… I could use a hint as well :astonished:

Hey guys, I’m trying to get T**** and my command returns Forbidden. Could I get some help, please?

Hint for all those that have all the creds and can’t find where to use them:
Lots of web applications have two places to log in, one for users and one for admins. Take another look at your enumerated folders.

I tried Z***************** Pwith all possible U* but I could not log in to any platform

@SkoN said:

I tried Z***************** Pwith all possible U* but I could not log in to any platform

PM me bro… :blush:

Rooted a few days ago; it was a fun box, though it’s CTF-like lol. PM me if you need some hints.

Well, I need some help. I am really new to this but am working towards OSCP to get into the security field. Any nudge would be helpful. I have read the articles about JWTs and just can’t seem to grasp how to get these user creds from 3k. I have plenty of directories that are on that port but I can’t seem to get around the A*** T****.

@Sephrost said:

Finally rooted
It took me too much time because of the curl syntax; at the time it worked I already had all I needed

Thanks to @poe for all the assistance

Hi, how did you resolve the “Please Auth” issue? I have generated a token but am unable to use it.

@zweeden said:

Just rooted. Interesting box, not really a fan of it but interesting nonetheless. Thanks to all those that helped. More than willing to help out if you need direction :slight_smile:
PM me

Hi, how did you overcome the “please auth” issue?
I have generated the token, but I don’t know how to use it.
Would be glad for your help.

EDIT: Rooted!