Luke

Finally rooted
It took me to much time because or the curl sintax, at the time it worked i already had all i needed

Thanks to @poe for all the assistance

Finally rooted thanks to @HenryClarke for highlighting something I’d discovered during enumeration then disregarded.
PM me for hints without spoilers :wink:

could someone pm me for hints?
EDIT: Found token and some creds,

Type your comment> @no0n3 said:

could someone pm me for hints?
EDIT: Found token and some creds,

I think I’m in the same boat, found the credentials, without passwords… I could use a hint as well :astonished:

hey guy i’m trying to get T**** and my command return Forbidden could i get some help please?

Hint for all those that have all the creds and can’t find where to use them:
Lots of web applications have two places to login, one for users and one for admins. Take another look at your enumerated folders.

i tried Z***************** Pwith all possible U* but i could not login to any platform

Type your comment> @SkoN said:

i tried Z***************** Pwith all possible U* but i could not login to any platform

PM me bro… :blush:

Rooted few days ago, it was fun box though it’s CTF-like lol, PM me if you need some hints.

well I need some help. I am really new to this but am working towards OSCP to get into the security field. Any nudge would be helpful. I have read the articles about JWT’s and just cant seem to grasp how to get these user creds from 3k. I have plenty of directories that are on that port but I cant seem to get around the A*** T****.

Type your comment> @Sephrost said:

Finally rooted
It took me to much time because or the curl sintax, at the time it worked i already had all i needed

Thanks to @poe for all the assistance

Hi, how did you resolve the “Please Auth” issue? I have generated a token but am unable to use it.

Type your comment> @zweeden said:

Just rooted. Interesting box, not really a fan of it but interesting nonetheless. Thanks to all those that helped. More than willing to help out if you need direction :slight_smile:
PM me

Hi, how did you overcome the “please auth” issue?
I have generated the token, but I don’t know how to use it.
Would be glad for your help.

EDIT: Rooted!

Type your comment> @TahaRavvaha said:

Type your comment> @zweeden said:

Just rooted. Interesting box, not really a fan of it but interesting nonetheless. Thanks to all those that helped. More than willing to help out if you need direction :slight_smile:
PM me

Hi, how did you overcome the “please auth” issue?
I have generated the token, but I don’t know how to use it.
Would be glad for your help.

I have the same problem with you

Figured out syntax, got the four creds. tried them all against the m******** login page on 80 and i’m still not able to get in (incorrect info error) any tips are appreciated. Thanks

EDIT : Had to dig a little more, got it :wink:

Hello gents,
may i have a nudge on the right direction please?
a newbie is here :slight_smile:
THanks in advance

Type your comment> @TahaRavvaha said:

Type your comment> @Sephrost said:

Finally rooted
It took me to much time because or the curl sintax, at the time it worked i already had all i needed

Thanks to @poe for all the assistance

Hi, how did you resolve the “Please Auth” issue? I have generated a token but am unable to use it.

I just got the T***n wrong the first time

Type your comment> @pp123 said:

Hello,

I am trying to build the proper request to get the T****, but I am receiving a “Forbidden” response when using curl. Any hint or help here would be appreciated.

PP

same situation…

rooted thanks to @m0f0

Im using c… to get the J… t…n but im also struggling with the syntax.
Am I guessing right that “.id_t…n” is not the correct syntax for the POST body?

Can anyone suggest me some dir-list or filenamelist? I had used minimum 8-9 lists but got nothing except c*****.p** and some login pages. From the discussion it seems that i am missing some 3-4 creds files/location.