Luke

hints:

1- get the :3***/l**** using cl
2- again using cl with credential token get :3**/u****
3- Play around with all users that u have …
4- Enjoy HAckin9 …

Finally got it too, with some help though. I struggled to get auth working but I was so close (wrong endpoint used and small mistake in syntax). After that it’s rather smooth really. My tip would be: Make sure to really play around with users, mix and match so to say.

Thanks @H4d3s for the box! I learned so much (Don’t trust one single tool to always be the best option, enumerate enumerate enumerate, dare to play around and think outside of the box)


Got all users and tried them with the one password found in the c*****.p on the port 8** and on the /m********* but can’t login. Am I missing something?

Nvm, figured it out

what is the deal with this curl statement? I keep getting parsing issues when piping to jq, remove it and then I get nothing back…

this is madness. can anyone PM me because I’m losing my mind here…

I keep getting 400 bad request… I’ve done a lot of chopping on the medium curl command but what’s up?!

baaaahahahahahahahah BAMO

Rooted the box. Not too bad as others already mentioned. Just recursively enumerate and keep good notes of the findings. Root is very straightforward which then gives you user. PM for any hints.

What a Box! I firstly want to thank @GibParadox for his patience and help, and then I want to say I have most definitely learnt a lot from this. This being my first Box. Please contact me if you need assistance. :slight_smile:

Nice machine! Thanks to everyone for the help and, if you need some help with this machine, feel free to PM me while it is fresh in my mind. And sorry for my bad English. >D

Getting too many messages; if you need help, PM me on Twitter @vj0shii and Discord vj0shii#2136

Hey guys. I’m stuck on trying to send the t***n to port 3***. I’ve tried a whole lot of different usernames, different synonyms for root with different capitalizations etc. Yet I keep getting “T***n not valid”. Am I missing something? Would be really nice if someone could nudge me in the right direction here as I’ve been stuck for a long time now :smiley:

rooted this one as well, it was really hard to get through the webservice / jwt part, but once you get in, user and root are not challenging at all.

Have a read over here: “A guide for adding JWT token-based authentication to your single page Node.js applications” by Naren Yellavula (Dev bits, Medium). Search a bit more on the issue and you will find more information on it. Also remember root is not always the answer :slight_smile:

Once you are in, getting user and root is straightforward.

good luck

Hi,

Still stuck at the enumeration process. Didn’t find anything useful. Any tips?

Rooted.

Very CTF like box. Feel free to PM for help.

Enum all directories with different directory enum tools to find some creds
Use this: “A guide for adding JWT token-based authentication to your single page Node.js applications” by Naren Yellavula (Dev bits, Medium)
Use the two curl commands on the page, one after another
All this focus is on port 3000, get creative with your curl commands. Go deeper into the directories based on the info you find in the initial curl commands. What may be a subdirectory of user?

Try all the creds. Once you find a winning combo, enum all the pages inside for more creds. Then try those new creds wherever you can.

Once you log in to the new login portal after that, keep looking around, you’ll find the root shell underneath your nose.

Yes, it’s partially my own fault for overlooking a certain file but this box pissed me off. I’m pretty sure I could’ve popped this in under 30 minutes. Maybe sooner!

Edit: I guess the message of this story is enumerate until you can’t anymore

GOT ROOT FEEL FREE TO PM FOR HELP

is the a*i on 8 not working properly? I could login, but nothing showed. Is that normal?

I keep getting “Cannot P***” when using the C*** command. Any tips?

Finally owned user and root! Thanks to everyone for the help! As a newbie I must say I found it tough… I spent a lot of time on the c*** command.

Also, for the newbie my advice would be: with the c*** command be sure to target the right URL. I know it seems obvious but I lost some time on the wrong URL.

I have no idea where these creds go (got a few of them). If anyone can give me a pointer, wordlist to use or something. I have tried the creds in 3 different places, none of them seem to work… driving me up the wall