Luke

@seke said:

@v01t4ic said:

Thanks @iamsundi for his help.
Now I know that not all seclists are the same. Was missing one URL in my enum results.

At this point there are more than enough hints on this thread. Especially medium.com tutorial. After you get the token use it as much as possible and use what you found to generate new URLs to get even more info.

Ok, the medium part I needed to learn, but it has frustrated me so much I could no longer think what to do with the users. Nice post mate!

@TigaxMT said:
ROOTED! Thanks for the hints @iamsundi

It’s an easy box; you only need to enumerate and work with what you get.

If anyone needs help, ping me

congrats bro

Rooted. DM for hints.

Rooted. If you need hint, all you need is to read this topic, you will find everything you need.

@jimmy00 said:

Just to reiterate, once you find all the credentials (after the jwt token part), you need to check for websites for 401s!

I could only find one single 401 status page with dirbuster. Is there any more than that? Also, is there any 403 by any chance? I am not able to find it…

Spoiler Removed

I got the token but I got stuck here, playing around with Postman but luck, any pointer?

@cptUP said:

ROOTED…
the biggest difficulty on this box is to get the auth token…
getting user and root after that step is a joke…
thanks to all the bros that helped me!!!

@darktheli said:

I got the token but I got stuck here, playing around with Postman but luck, any pointer?

@cptUP said:

ROOTED…
the biggest difficulty on this box is to get the auth token…
getting user and root after that step is a joke…
thanks to all the bros that helped me!!!

I am having some fun with DirBuster, please do not give me any pointer :slight_smile:

@darktheli said:
@darktheli said:

I got the token but I got stuck here, playing around with Postman but luck, any pointer?

@cptUP said:

ROOTED…
the biggest difficulty on this box is to get the auth token…
getting user and root after that step is a joke…
thanks to all the bros that helped me!!!

I am having some fun with DirBuster, please do not give me any pointer :slight_smile:

I am glad, I did not give up. Finally, I pwned this box!

I am noob here and doing this (2 weeks maybe) so never used postman and dirbuster. They helped a lot. Also read a lot about JWT token-based authentication. I learned a bunch with this second box I pwned. Thanks everyone!

@darktheli said:

@darktheli said:
@darktheli said:

I got the token but I got stuck here, playing around with Postman but luck, any pointer?

@cptUP said:

ROOTED…
the biggest difficulty on this box is to get the auth token…
getting user and root after that step is a joke…
thanks to all the bros that helped me!!!

I am having some fun with DirBuster, please do not give me any pointer :slight_smile:

I am glad, I did not give up. Finally, I pwned this box!

I am noob here and doing this (2 weeks maybe) so never used postman and dirbuster. They helped a lot. Also read a lot about JWT token-based authentication. I learned a bunch with this second box I pwned. Thanks everyone!

Good job Bro…

I’ve tried doing the c**l with the right password but can’t figure out how to find the correct username, any hints?

I can not get the token to take at all. Keep getting Token is not valid. Is it the credentials from the previous step? I have tried several alternatives but can not get it to produce another token with anything different.

@ilezu said:

I’ve tried doing the c**l with the right password but can’t figure out how to find the correct username, any hints?

Are you able to retrieve any data from the API? It’s pretty common with REST APIs that if, for instance, a GET to /dogs returns a list of dogs that /dogs/spot might return more detailed information about a single dog.

@rootoor said:
I can not get the token to take at all. Keep getting Token is not valid. Is it the credentials from the previous step? I have tried several alternatives but can not get it to produce another token with anything different.

Typically the way that these things work is that you have some credentials which you provide and in exchange you’re given a token. Then you can use that token to make subsequent requests. These tokens typically have some expiration, but the design prevents you from having to send the username and password along with every request. Additionally, this design makes it easy for a bunch of “web services” to require authentication but not have to be concerned with things like securely handling sensitive data such as usernames and passwords.
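The credentials-for-token exchange described in the reply above, as an added example that is not part of the original thread or of the box being discussed. It assumes an HS256-signed JWT; `SECRET`, `USERS` and all function names are hypothetical and the values are constructed for the demo.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"   # constructed signing key (assumption)
USERS = {"demo": "demo-password"}     # constructed account, plaintext only for the demo

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return b64url(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def login(username, password, ttl=300, now=None):
    """Exchange credentials for a signed, expiring token; None on bad credentials."""
    expected = USERS.get(username)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    now = int(time.time()) if now is None else now
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64url(json.dumps({"sub": username, "iat": now, "exp": now + ttl}).encode())
    return f"{header}.{claims}.{sign(header + '.' + claims)}"

def verify(token, now=None):
    """Return the claims if the token is well-formed, authentic and unexpired."""
    try:
        header_b64, claims_b64, sig = token.split(".")
        alg = json.loads(unb64url(header_b64)).get("alg")
        claims = json.loads(unb64url(claims_b64))
    except (ValueError, AttributeError):
        return None
    if alg != "HS256":  # pin the algorithm instead of trusting the header
        return None
    if not hmac.compare_digest(sig.encode(), sign(f"{header_b64}.{claims_b64}").encode()):
        return None
    now = int(time.time()) if now is None else now
    if claims["exp"] <= now:  # expired tokens are rejected like forged ones
        return None
    return claims

def protected_resource(authorization, now=None):
    """A service that never sees the password: it only checks the bearer token."""
    scheme, _, token = (authorization or "").partition(" ")
    claims = verify(token, now) if scheme == "Bearer" else None
    return (200, f"hello {claims['sub']}") if claims else (401, "Token is not valid")
```

The service returns the same rejection for a malformed, tampered or expired token, so a client that sees it has to go back to the login step with valid credentials.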

@deviate said:

@ilezu said:

I’ve tried doing the c**l with the right password but can’t figure out how to find the correct username, any hints?

Are you able to retrieve any data from the API? It’s pretty common with REST APIs that if, for instance, a GET to /dogs returns a list of dogs that /dogs/spot might return more detailed information about a single dog.

Sure, I found the 4 users and tried these usernames with the db password for the API, but still getting a Forbidden.

@deviate said:

@ilezu said:

I’ve tried doing the c**l with the right password but can’t figure out how to find the correct username, any hints?

Are you able to retrieve any data from the API? It’s pretty common with REST APIs that if, for instance, a GET to /dogs returns a list of dogs that /dogs/spot might return more detailed information about a single dog.

Wow, your comment was the perfect hint for me :slight_smile: thank you very much!

Now stuck on the blank page, don't know what to do from here, any hints?

@cptUP said:

@darktheli said:

@darktheli said:
@darktheli said:

I got the token but I got stuck here, playing around with Postman but luck, any pointer?

@cptUP said:

ROOTED…
the biggest difficulty on this box is to get the auth token…
getting user and root after that step is a joke…
thanks to all the bros that helped me!!!

I am having some fun with DirBuster, please do not give me any pointer :slight_smile:

I am glad, I did not give up. Finally, I pwned this box!

I am noob here and doing this (2 weeks maybe) so never used postman and dirbuster. They helped a lot. Also read a lot about JWT token-based authentication. I learned a bunch with this second box I pwned. Thanks everyone!

Good job Bro…

Thanks man! Your comment inspires me to carry on; I was throwing in the towel.

Finally got the flags!! Wasn’t that tough once you know how to play with JWT. Thanks everyone for the support :smiley:

Good job!

@oldsoul said:

Finally got the flags!! Wasn’t that tough once you know how to play with JWT. Thanks everyone for the support :smiley:

Rooted!

Rooted.

Learnt something new about JWT and a few things to add during my initial recon.

Thanks @H4d3s