Hey all, this machine is frustrating the ■■■■ out of me. I understand that you need to play with c*** to generate a t****, which you then submit to a high service.
But it doesn’t seem to like any tokens I generate. Do they need to be b64 encoded?
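The question above is really about how the three segments of a JWT are encoded and what a service checks before accepting one. The following is an added example (not code from the thread or from the box) that builds and verifies an HS256 JWT with only the Python standard library; the secret and the payload are constructed values. It shows that each segment is base64url-encoded with the `=` padding stripped, and how a verifier pins the algorithm and compares the HMAC before trusting any claim:

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed signing secret for the example; a real service loads its own from configuration.
SECRET = b"example-signing-secret"


def b64url_encode(raw: bytes) -> str:
    """JWT segments are base64url (RFC 4648 section 5) with the '=' padding removed."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Restore the padding that was stripped, then decode."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def sign_hs256(payload: dict, secret: bytes = SECRET) -> str:
    """Produce a compact JWS: base64url(header).base64url(payload).base64url(signature)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, payload)
    )
    signature = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def verify_hs256(token: str, secret: bytes = SECRET) -> Optional[dict]:
    """Return the payload only if the token is well-formed and its HMAC matches; otherwise None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        presented_sig = b64url_decode(sig_b64)
    except ValueError:  # binascii.Error and JSONDecodeError are both ValueError subclasses
        return None
    # Pin the algorithm on the verifier side: the token must never choose it
    # (this rejects alg=none and any attempt to swap in a different algorithm).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected_sig = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison so the verifier does not leak how many bytes matched.
    if not hmac.compare_digest(expected_sig, presented_sig):
        return None
    try:
        payload = json.loads(b64url_decode(payload_b64))
    except ValueError:
        return None
    return payload if isinstance(payload, dict) else None


if __name__ == "__main__":
    token = sign_hs256({"user": "alice", "role": "reader"})
    print(token)
    print(verify_hs256(token))
```

Two things in the block answer the thread's question directly: the segments are base64url, not plain base64, so `+`, `/` and trailing `=` never appear in a valid token, and a verifier re-computes the HMAC over the exact header and payload strings it received, so re-encoding or re-serialising the JSON on the client side produces a token the service will reject even if the claims are identical.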
Rooted. Got stuck for a while trying to figure out where to get the a*** t**** from because I didn’t differentiate between the different errors. The “odd” port is really interesting, I learned a lot.
Feel free to PM for a nudge
Great box, learned a lot about JSON, didn’t know much about that…glad I learned something new…root is straightforward, and of course I learned to enumerate on each site…2nd box finished without hints
Thanks @iamsundi for his help.
Now i know that not all seclists are the same. Was missing one URL in my enum results.
At this point there are more than enough hints on this thread. Especially medium.com tutorial. After you get the token use it as much as possible and use what you found to generate new URLs to get even more info.
Ok, the Medium part I needed to learn, but it has frustrated me so much I could no longer think what to do with the users. Nice post mate!
Just to reiterate, once you find all the credentials (after the jwt token part), you need to check for websites for 401s!
I could only find one single 401 status page with dirbuster. Is there any more than that? Also, is there any 403 by any chance? I am not able to find it…
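The last few posts describe the enumeration side of this box: a wordlist scanner walking the site and collecting 401 and 404 responses. From the defender's side the same activity is easy to spot in the web server's access log. The block below is an added example (not from the thread) that parses constructed combined-format log lines and flags any client that produced a burst of 401/404 responses; the IP addresses, paths and `example-scanner/1.0` user agent are all constructed sample data:

```python
import re
from collections import defaultdict

# Constructed sample of Apache/nginx "combined" access-log lines (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Oct/2023:13:55:37 +0000] "GET /admin HTTP/1.1" 404 153 "-" "example-scanner/1.0"
10.0.0.9 - - [10/Oct/2023:13:55:37 +0000] "GET /backup HTTP/1.1" 404 153 "-" "example-scanner/1.0"
10.0.0.9 - - [10/Oct/2023:13:55:38 +0000] "GET /api HTTP/1.1" 401 0 "-" "example-scanner/1.0"
10.0.0.9 - - [10/Oct/2023:13:55:38 +0000] "GET /secret HTTP/1.1" 404 153 "-" "example-scanner/1.0"
10.0.0.5 - - [10/Oct/2023:13:55:40 +0000] "GET /login HTTP/1.1" 401 0 "-" "Mozilla/5.0"
this line is not a valid access-log entry and is skipped
"""

# Fields of the combined log format we care about: client IP, request line, status, user agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Responses that a directory brute-forcer generates in bulk: missing and unauthenticated paths.
PROBE_STATUSES = {"401", "404"}


def parse_line(line: str):
    """Return a dict of fields for a well-formed line, or None for anything else."""
    match = LOG_RE.match(line)
    return match.groupdict() if match else None


def flag_enumerators(log_text: str, threshold: int = 3) -> dict:
    """Group 401/404 responses by client IP and return the clients at or above `threshold`.

    The result maps IP -> {"probes": count, "paths": [...], "user_agents": [...]}, which is
    enough to write an alert or feed a rate limiter.
    """
    per_ip = defaultdict(lambda: {"probes": 0, "paths": [], "user_agents": set()})
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or entry["status"] not in PROBE_STATUSES:
            continue
        bucket = per_ip[entry["ip"]]
        bucket["probes"] += 1
        bucket["paths"].append(entry["path"])
        bucket["user_agents"].add(entry["ua"])
    return {
        ip: {"probes": b["probes"], "paths": b["paths"], "user_agents": sorted(b["user_agents"])}
        for ip, b in per_ip.items()
        if b["probes"] >= threshold
    }


if __name__ == "__main__":
    for ip, info in flag_enumerators(SAMPLE_LOG).items():
        print(f"{ip}: {info['probes']} probes, paths={info['paths']}, ua={info['user_agents']}")
```

The threshold is deliberately a parameter: on a real site a handful of 404s per client is normal, so the useful signal is the rate of 401/404 responses per source over a short window, plus a user agent that no browser sends. A 403 is worth adding to `PROBE_STATUSES` when the server answers that way for paths it refuses rather than hides.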
I got the token but I got stuck here, playing around with Postman but no luck, any pointer?
> @cptUP said:
> ROOTED…
> the biggest difficulty on this box is to get the auth token…
> getting user and root after that step is a joke…
> thanks to all the bros that helped me!!!
I am having some fun with DirBuster, please do not give me any pointer
I am glad, I did not give up. Finally, I pwned this box!
I am a noob here and have been doing this (2 weeks maybe), so I had never used Postman or DirBuster. They helped a lot. Also read a lot about JWT token-based authentication. I learned a bunch with this second box I pwned. Thanks everyone!